aibtc-bitcoin-wallet

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires importing mnemonics and unlocking wallets with user-provided passwords/mnemonics, which would cause the agent to accept and include secret values verbatim in tool calls (e.g., wallet_import/wallet_unlock), creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to discover and call external x402 endpoints (e.g., /inference/openrouter/chat, x402.aibtc.com and other x402 services) and to submit public social media URLs for server-side validation (POST /api/claims/viral which fetches a tweet via oEmbed), meaning the agent workflow ingests untrusted, user-generated third‑party content whose responses can influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides wallet management and transaction tools for moving value on-chain. It includes functions to create/import/unlock wallets and a transfer_btc API (parameters: recipient, amount, feeRate) for sending BTC. It also exposes UTXO management, BTC signing, and Layer‑2/Layer‑3 payment capabilities (STX transfers, DEX swaps, sBTC smart-wallet transfers, x402 micropayments and send_inbox_message with optional paymentTxid and automated settlement flow). These are specific, purpose-built financial operations (sending BTC/sBTC, token swaps, on‑chain payments) — not generic tooling — so it grants direct financial execution authority.