alby-bitcoin-payments-agent-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's code and docs explicitly fetch and ingest untrusted public content (e.g., LightningAddress.fetch / lnurl requests in references/lightning-tools/lnurl.md and LightningAddress class in references/lightning-tools/index.d.ts, the test faucet POST to https://faucet.nwc.dev in references/automated-testing.md, and NWCClient subscribeNotifications and NWC relay interactions in references/nwc-client/*) and the agent is expected to read and act on that remote data (invoices, LNURL/metadata, notifications) which can materially influence payments and next actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for cryptocurrency payments: it exposes Bitcoin Lightning wallet capabilities and named payment protocols (Nostr Wallet Connect NIP-47, LNURL, WebLN). It includes functions to send and receive payments, conditionally settle (HOLD) invoices, fetch balances and transactions, parse BOLT-11 invoices and verify preimages — all direct mechanisms to move or authorize movement of funds. This is specific financial execution functionality (crypto payments/wallet operations), not a generic tool, so it meets the "Direct Financial Execution" criterion.