bitflow-hodlmm-withdraw

Warn

Audited by Snyk on Apr 30, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches live pool, bin, and user-position data from third-party APIs (e.g., BITFLOW_API at https://bff.bitflowapis.finance via getPool/getBins/getUserBins) and from blockchain indexer endpoints (HIRO_API at https://api.hiro.so via getStxAvailable/getPendingTransactions/getContractInterface). The agent parses this data and uses it to decide position selection, postconditions, and whether and how to build and broadcast withdrawal transactions, so untrusted external content can materially influence its actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is explicitly a blockchain fund-movement primitive. It builds and broadcasts HODLMM withdrawal transactions on the Stacks mainnet, requires gas and an unlocked or restorable wallet session, supports signing via the CLIENT_MNEMONIC / STACKS_PRIVATE_KEY / AIBTC_WALLET_PASSWORD fallbacks, and refuses to broadcast unless an explicit confirm=EXIT is supplied. The docs state "This is a write skill and can move funds" and describe transaction construction, postconditions, and broadcasting, all of which are concrete crypto transaction capabilities. This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 02:24 AM
Issues: 2