wallet-brc100-go

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill configures and uses external public APIs (e.g., services.NewServices with ArcURL "https://arc.taal.com" and WocURL "https://api.whatsonchain.com/v1/bsv/...") and links to public specs/repos (https://bsv.brc.dev, GitHub) which the agent would fetch and parse at runtime, exposing it to untrusted, public third‑party content (blockchain APIs and web pages) that could carry indirect prompt injection vectors.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a blockchain wallet implementation (BRC-100 / BSV) with concrete APIs and code for creating and broadcasting payments, signing transactions, managing keys, checking balances, and interacting with mainnet/testnet services. Examples include sendBSV which builds outputs and calls CreateAction (with immediate broadcast option), SignAction, functions to sign/finalize transactions, and full wallet setup tied to network endpoints. These are specific crypto financial execution capabilities (wallet, transaction creation/broadcasting, signing), not generic tooling.