arkade

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill directly calls third-party APIs (notably the LendaSwap client in src/skills/lendaswap.ts — e.g., client.getTokens, client.getQuote, client.createArkadeToEvmSwapGeneric) and then uses response fields such as resp.btc_vhtlc_address and resp.source_amount to automatically perform actions (wallet.sendBitcoin), and the Lightning skill queries Boltz APIs for swap operations, so untrusted API responses are read and can materially drive tool use/execution.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a cryptocurrency wallet and payments SDK. It provides concrete APIs and classes for creating identities and wallets, checking balances, sending on-chain/off-chain Bitcoin (wallet.sendBitcoin, ArkadeBitcoinSkill.send), onboarding/offboarding (ramps.onboard/offboard), Lightning invoice creation and payment (ArkaLightningSkill.createInvoice, payInvoice, Boltz swap provider), and non-custodial stablecoin swaps (LendaSwapSkill.swapBtcToStablecoin, claimSwap, refundSwap). These are specific financial execution operations (sending funds, executing swaps, paying invoices), not generic tooling. Therefore it grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 11:17 PM