alby-bitcoin-payments-cli-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow requires fetching and interpreting content from public, untrusted endpoints — e.g., the README tells the agent to install the skill by fetching https://raw.githubusercontent.com/.../SKILL.md, the CLI exposes a request-invoice-from-lightning-address command that queries third-party lightning address servers, and it references the public faucet at https://faucet.nwc.dev — responses from these public services would be read by the agent and could materially affect payment actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The README tells the agent to install the skill by fetching the raw SKILL.md at https://raw.githubusercontent.com/getAlby/alby-cli-skill/refs/heads/master/SKILL.md, which would be fetched at runtime and directly supply instructions that control the agent’s behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly a Bitcoin Lightning wallet CLI using Nostr Wallet Connect (NWC). It provides direct payment-related commands (make-invoice, pay-invoice, pay-keysend, wait-for-payment, settle-hold-invoice, cancel-hold-invoice, list-transactions, get-balance, etc.), accepts wallet connection secrets, and is designed to create and execute on-chain/lightning transactions and invoices. These are specific crypto/blockchain wallet and payment operations intended to move funds, not generic tooling.