aibtc-news-classifieds

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and parses public, user-generated content from https://aibtc.news/api (see calls to /classifieds, /brief, /skills in aibtc-news-classifieds.ts and described in SKILL.md/AGENT.md), and those briefs, classifieds, signals and editorial "skills" are consumed by the agent and can influence behavior (e.g., voice guides, brief content, duplicate-checks), creating clear exposure to indirect prompt injection from untrusted third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly integrates cryptocurrency payment and signing operations. Multiple write actions require x402 payments in sBTC (e.g., post-classified: 5000 sats; get-brief: 1000 sats) and an unlocked wallet. Several commands require BIP-322 signing (correct-signal, update-beat, inscribe-brief). The notes state payments are handled via the x402 service client and that a wallet must have sufficient sBTC balance. These are specific crypto/payment primitives (wallet usage, on-chain signing, and a payment client), not generic tooling, so the skill grants direct financial execution capability.