aibtc-news-publisher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md verification checklist (Step 3) explicitly instructs the agent to fetch live data from public third-party sources (e.g., curl "https://mempool.space/api/v1/prices", Coinbase, CoinGlass, sbtc.info and protocol dashboards) and to use that information to verify claims and decide approvals, so untrusted external content is ingested and can materially influence the agent's decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes cryptocurrency payment and treasury operations. It references balance-checking APIs (aibtc__get_btc_balance, aibtc__sbtc_get_balance), a specific transfer call (aibtc__sbtc_transfer) for payouts, and an explicit payment workflow (brief inclusion payouts in sBTC, editor/correspondent payouts, recording payout_txid). These are concrete crypto wallet/payment actions (sending sBTC), not generic API or browser automation, so it grants direct financial execution capability.