btc
Warn
Audited by Snyk on Mar 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill directly queries public third-party APIs (mempool.space via MempoolApi and the Hiro Ordinals API via OrdinalIndexer, as seen in btc.ts and SKILL.md) to fetch UTXO, fee and inscription data that the agent parses and uses to decide which UTXOs to spend (e.g., cardinal vs ordinal selection for transfer), so untrusted public content can materially influence actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly provides Bitcoin wallet and transaction functionality, including a "transfer" subcommand that sends BTC to a recipient, requires an unlocked wallet, constructs transactions (selecting UTXOs, fee rates, change), and returns a txid/explorer URL. These are direct crypto/blockchain execution capabilities (wallet signing and sending on-chain transactions), not generic tooling. Therefore it grants direct financial execution authority.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).