client-dev
Warn
Audited by Snyk on Mar 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly subscribes to public Nostr relays (e.g., relayPool.subscribe in references/discovery.md), and the JSON.parse(event.content) call in references/nostr-way-without-sdks.md shows it ingesting untrusted, user-generated relay events and JSON-RPC responses from the open network in order to discover servers and determine their capabilities (e.g., encryption, tools). Because that content directly influences connection behavior and subsequent actions, it is a vector for indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill connects at runtime to Nostr relays (e.g., wss://relay.contextvm.org, wss://cvm.otherstuff.ai, wss://nos.lol) that carry MCP JSON-RPC messages such as tools and prompts, which can directly control the agent's prompts and behavior; this makes these runtime endpoints a risky, unverifiable external dependency.