message-signing

Warn

Audited by Snyk on Mar 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill documents and instructs the use of Sigma.remoteSign with arbitrary HTTPS endpoints (see references/sigma-advanced.md, "Remote Signing"). The skill therefore fetches and acts on responses (signatures) from untrusted third-party servers, and those responses directly influence signing and the transaction actions that follow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about cryptographic signing and transaction-bound signatures on the BSV blockchain. It references direct wallet key usage (PrivateKey.fromWif), SDK signing functions (BSM.sign, SignedMessage.sign), full transaction signing via sigma-protocol (sigma.sign, signedTx), and an actions helper (@1sat/actions inscribe.execute with signWithBAP) that constructs and broadcasts anchor transactions. These are specific wallet-key, transaction-signing and broadcasting capabilities rather than generic tooling, so they constitute Direct Financial Execution authority.

Issues (2)

W011  MEDIUM  Third-party content exposure detected (indirect prompt injection risk).
W009  MEDIUM  Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 06:05 AM
Issues: 2