bsv-standards


Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill documents and uses tools that fetch and render arbitrary public on-chain and web-hosted content (e.g., bitcoin-image's getDisplayUrl, which routes content through the ORDFS gateway https://ordfs.network; GorillaPool ordinals APIs; and the B protocol for arbitrary file storage), meaning the agent would read and interpret untrusted, user-generated third-party data.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is specifically about BSV blockchain standards and explicitly documents token operations and signing capabilities: it includes BSV-20 JSON ops (deploy, mint, transfer), STAS (script-enforced token transfers, atomic swaps), Paymail paymentDestination/receive-transaction, SIGMA transaction-bound signatures, and references to SDKs/packages (e.g., @bsv/sdk, sigma-protocol, bitcoin-auth) that enable wallet, signing, and transfer functionality. These are concrete crypto/blockchain capabilities (wallet/signing/transfer) rather than generic tooling, so it grants direct financial execution capability.

Audit Metadata

Analyzed: Feb 16, 2026, 03:06 AM