aibtc-news

Warn

Audited by Snyk on May 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The skill explicitly fetches and ingests user-generated content from the public aibtc.news API (e.g., GET /api/signals and GET /api/front-page called in aibtc-news.ts and documented in SKILL.md/AGENT.md), and the agent is expected to read and act on those signals (browse/list signals, front-page) which could materially influence subsequent decisions or tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly requires and uses Bitcoin wallet operations and BIP-322 message signing for write/authenticated operations (claim-beat, file-signal, review-signal, compile-brief, reset-leaderboard). This is not a generic API caller or browser automation — it is a specific crypto-related capability (wallet unlocking + BIP-322 signing). Per the rules, presence of explicit blockchain/wallet signing functionality triggers the Direct Financial Execution flag even if it does not send spend transactions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 2, 2026, 04:07 PM
Issues: 2