payments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly instructs agents to connect to external payment services (e.g., LNbits via references/lightning-lnbits.md and Nostr Wallet Connect via references/lightning-nwc.md) and to parse/pay opaque third-party pay_req payloads (see references/custom-rails.md handler example), meaning untrusted remote content is ingested and can directly drive payment actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly and primarily about implementing payments: it defines priced capabilities, server-side payment processors, client-side payment handlers, built-in rails for Bitcoin Lightning (LnBolt11Nwc, LnBolt11Lnbits), PMI strings, and code examples that "charge", "pay automatically", "issue + verify" payments and "pay". These are concrete payment APIs/constructs (including crypto Lightning rails) intended to move value, not generic tooling. Therefore it grants direct financial execution capability.