ordinals-p2p

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and processes public, user-generated trade data from the open ledger at https://ledger.drx4.xyz/api/trades (see SKILL.md and the ordinals-p2p.ts commands list-trades, get-trade, my-trades, agents), and that untrusted content is read and used to drive follow-up actions (counters, transfers, etc.), so it can materially influence agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a peer-to-peer crypto trading tool: it creates offers with amounts in sats, allows counters/acceptances, records transfers, and supports atomic PSBT swaps. It requires an unlocked wallet and BIP-137 signatures for write operations and records on-chain transaction hashes. These are specific crypto payment/transaction capabilities (wallet signing, PSBT atomic swaps, transfers) intended to move/manage funds, not a generic tool. Therefore it grants direct financial execution authority.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 11:12 PM