hydra-head

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). scripts/hydra-node.sh uses the Docker image URL ghcr.io/cardano-scaling/hydra-node at runtime (exec docker run ... "$IMAGE" "$@"), which will be pulled and executed as remote code if hydra-node is not installed locally, so this is a runtime dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill contains explicit crypto/blockchain execution capabilities. It includes concrete commands to generate Cardano and Hydra signing keys (cardano-cli, hydra-node gen-hydra-key), instructions to run hydra-node with signing keys, and API endpoints/commands to init/commit/submit/close/fanout a Hydra head (e.g., curl POST /commit, /submit, /close, /fanout). Those are specific blockchain wallet/signing and transaction submission operations (directly related to moving funds). Even though labeled "guidance" and referencing an operator skill for execution, the prompt explicitly documents the exact tooling and APIs required to sign and submit transactions. Therefore this is Direct Financial Execution capability.