ordinals

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill fetches and parses public, user-generated inscription data from mempool.space (see get-inscription / InscriptionParser and MempoolApi usage in SKILL.md and ordinals.ts), returning bodyText/bodyBase64 and using inscription-derived data when building reveal transactions—so untrusted third-party content is read and can influence transaction-building and agent decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly performs Bitcoin transaction operations: it requires an unlocked Taproot wallet, can derive a receive address, estimates fees, and—critically—broadcasts commit and reveal transactions (inscribe and inscribe-reveal) that spend BTC from the wallet. These are direct crypto wallet signing and transaction-sending actions (moving funds on-chain), so it constitutes direct financial execution capability.