alby-bitcoin-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill's core docs and required reference workflows explicitly instruct the agent/app to fetch and interact with arbitrary public endpoints (e.g., fetch402 in references/lightning-tools/402.md, LightningAddress.fetch/lnurl in references/lightning-tools/index.d.ts and lnurl.md, and the faucet.nwc.dev calls in references/testing-wallets.md) so untrusted third-party responses (LNURL, 402 challenges, NWC URLs, faucet responses) can be ingested and directly influence payment, retry, or follow-up actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides Bitcoin Lightning wallet capabilities — e.g., Nostr Wallet Connect (NIP-47), LNURL, WebLN — and lists operations such as sending and receiving payments, settling (HOLD) invoices, parsing BOLT-11 invoices, verifying preimages, fetching balance and transactions, and performing bitcoin↔fiat conversions. Those are direct crypto payment/wallet operations (signing/sending/settling transactions), so it is specifically designed to move money.