alby-hub-skill
Warn
Audited by Snyk on May 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to call get-channel-suggestions and consume its output (references/lsp.md and initial-setup.md), which returns third-party LSP provider data (public/untrusted service responses and invoices) that the agent must read/interpret to choose providers and request/pay invoices—so untrusted external content can materially influence subsequent tool use and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The Installation instructions include curl-and-execute commands that fetch and run remote install scripts (e.g. /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/getAlby/hub/master/scripts/linux-x86_64/install.sh)"), which are fetched/executed during setup and are required to install the hub used by this skill.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly for managing a self-custodial Alby Hub Lightning node via a CLI and includes direct payment functionality (e.g., "Payments: Pay/make invoices, transactions, lookup, balances, wallet address"), channel management, and wallet-related operations. These are specific crypto/blockchain capabilities that enable sending and receiving funds (signing/sending Lightning transactions), not just generic tooling. Therefore it grants direct financial execution authority.
Issues (3)
W011: MEDIUM. Third-party content exposure detected (indirect prompt injection risk).
W012: MEDIUM. Unverifiable external dependency detected (runtime URL that controls agent).
W009: MEDIUM. Direct money access capability detected (payment gateways, crypto, banking).