aibtc-news

Warn

Audited by Snyk on Mar 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches content from the public aibtc.news API (NEWS_API_BASE = https://aibtc.news/api, e.g., /signals, /beats, /correspondents, /status). That API returns user-generated, public signals and headlines, which the agent reads and uses to guide actions such as selecting beats, filing signals, or triggering brief compilation. Untrusted third-party content could therefore indirectly inject instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly requires an unlocked crypto wallet and performs BIP-322 Bitcoin message signing for write operations (claim-beat, file-signal, compile-brief). It integrates wallet signing functionality (authentication via BIP-322 and references to the signing skill/unlocked wallet), which is a specific crypto/blockchain signing capability rather than a generic action. This meets the "Crypto/Blockchain (Wallets, ... Signing)" criterion for Direct Financial Execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 11:37 PM