child-inscription

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls external, public services (e.g., MempoolApi methods like getFeeEstimates, getUtxos, broadcastTransaction and the lookupParentInscription function — with explicit mempool.space references in AGENT.md) to read parent inscription and UTXO data that the agent parses and uses to decide/construct/sign transactions, so untrusted third‑party content can materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to create and broadcast Bitcoin transactions: it estimates fees, requires an unlocked wallet with BTC, broadcasts a "commit" transaction (inscribe) that locks/spends funds, and broadcasts a "reveal" transaction that spends the commit output and the parent UTXO. These are direct crypto/blockchain wallet operations (signing/sending transactions on Bitcoin mainnet), not generic tooling. Therefore it grants direct financial execution capability.