alby-bitcoin-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's included libraries and workflows explicitly fetch and act on arbitrary public URLs—e.g., fetch402 in references/lightning-tools/402.md (which fetches a URL, honors 402 WWW-Authenticate challenges, and pays invoices), LightningAddress.fetch()/requestInvoice in references/lightning-tools/index.d.ts and lnurl.md (which fetch LNURL/third-party endpoints), and the testing-wallet faucet calls in references/testing-wallets.md—so the agent ingests untrusted, public third-party content and can change behavior (including paying invoices) based on that content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides Bitcoin Lightning wallet capabilities — e.g., Nostr Wallet Connect (NIP-47), LNURL, WebLN — and lists operations such as sending and receiving payments, settling (HOLD) invoices, parsing BOLT-11 invoices, verifying preimages, fetching balance and transactions, and performing bitcoin↔fiat conversions. Those are direct crypto payment/wallet operations (signing/sending/settling transactions), so it is specifically designed to move money.