bitvm
Warn
Audited by Snyk on Feb 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (risk score 0.80, high). The skill's header-chain instructions (references/features-header-chain.md) explicitly tell the user to download Bitcoin block headers from a public site (e.g. https://zerosync.org/chaindata/headers.bin) and place them in prover/data for prover/final-spv to consume. The agent is therefore expected to read and act on open, third-party header data, and that data can materially influence the verification result and any action taken on it.
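The practical mitigation for this finding is to validate a downloaded headers.bin before it is placed in prover/data, rather than letting the prover consume whatever the public site served. The script below is an added example, not code from the bitvm skill or from the Snyk report. It assumes the file is a plain concatenation of 80-byte raw Bitcoin headers starting at the genesis block (the layout is an assumption, not something the report states), and it takes any checkpoint hashes from the caller. The sample input is constructed inline from the real mainnet headers for blocks 0 and 1.

```python
# Added example: pre-check for a third-party headers.bin before the prover
# consumes it. Not part of the bitvm skill or the Snyk audit.
import hashlib
import struct
from typing import Optional

HEADER_LEN = 80
# Bitcoin mainnet genesis block hash (well-known constant).
MAINNET_GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"
# Highest valid target (difficulty 1); bits 0x1d00ffff encodes exactly this.
MAX_TARGET = 0x00000000FFFF0000000000000000000000000000000000000000000000000000

# Constructed sample input: the real mainnet headers for blocks 0 and 1 in the
# raw 80-byte little-endian wire format (assumed to be what headers.bin holds).
SAMPLE_HEADERS = bytes.fromhex(
    "01000000" + "00" * 32
    + "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"
    + "29ab5f49ffff001d1dac2b7c"
    + "01000000"
    + "6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000"
    + "982051fd1e4ba744bbbe680e1fee14677ba1a3c3540bf7b1cdb606e857233e0e"
    + "61bc6649ffff001d01e36299"
)


def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def header_hash(header: bytes) -> str:
    # Block hashes are displayed big-endian; the digest bytes are little-endian.
    return double_sha256(header)[::-1].hex()


def bits_to_target(bits: int) -> int:
    """Decode the compact 'bits' field into the 256-bit target."""
    if bits & 0x00800000:
        return -1  # sign flag set: negative target, never valid
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def validate_headers(data: bytes, expected_genesis: str = MAINNET_GENESIS_HASH,
                     checkpoints: Optional[dict] = None):
    """Return (ok, reason, hashes).

    Checks file framing, the genesis hash, prev_hash linkage, that each header
    meets its own claimed target, and optional height -> hash checkpoints.
    """
    if len(data) == 0 or len(data) % HEADER_LEN != 0:
        return False, f"file length {len(data)} is not a multiple of {HEADER_LEN}", []
    hashes = []
    for height in range(len(data) // HEADER_LEN):
        raw = data[height * HEADER_LEN:(height + 1) * HEADER_LEN]
        _version, prev_le, _merkle_le, _time, bits, _nonce = struct.unpack("<I32s32sIII", raw)
        this_hash = header_hash(raw)
        if height == 0:
            if this_hash != expected_genesis:
                return False, f"genesis hash mismatch: {this_hash}", hashes
        elif prev_le[::-1].hex() != hashes[-1]:
            return False, f"height {height}: prev_hash does not link to height {height - 1}", hashes
        target = bits_to_target(bits)
        if not 0 < target <= MAX_TARGET:
            return False, f"height {height}: target out of range", hashes
        if int(this_hash, 16) > target:
            return False, f"height {height}: hash does not meet its claimed target", hashes
        if checkpoints and height in checkpoints and checkpoints[height] != this_hash:
            return False, f"height {height}: checkpoint mismatch", hashes
        hashes.append(this_hash)
    return True, f"{len(hashes)} headers verified", hashes


def tampered_copy(data: bytes, offset: int) -> bytes:
    """Flip one bit at `offset`; used to show that a substituted chain is rejected."""
    buf = bytearray(data)
    buf[offset] ^= 0x01
    return bytes(buf)


if __name__ == "__main__":
    # Checkpoint for height 1 (hypothetical caller-supplied pin; value is the real block 1 hash).
    pins = {1: "00000000839a8e6886ab5951d76f411475428afc90947ee320161bbf18eb6048"}
    print(validate_headers(SAMPLE_HEADERS, checkpoints=pins)[:2])
    # Corrupt the first byte of block 1's prev_hash: linkage check fails.
    print(validate_headers(tampered_copy(SAMPLE_HEADERS, HEADER_LEN + 4))[:2])
```

Caveat on what this does and does not prove: the proof-of-work check only confirms each header meets the target it claims, and the script does not enforce the difficulty retarget schedule, so a correctly linked chain of minimum-difficulty headers would pass it. Pinning checkpoints (or the expected tip hash from an independent source such as a local node) is what closes that gap, which is why the function takes them as a parameter; a public download without such a pin should not be treated as trusted input to prover/final-spv.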
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (risk score 1.00, high). The skill explicitly implements blockchain/crypto tooling: a Bridge CLI that manages keys, addresses, and UTXOs, runs peg-in/peg-out flows, performs MuSig2 signing, and broadcasts transactions. Those are precisely the primitives needed to create, sign, and broadcast Bitcoin transactions, i.e. to move funds. This is not a generic tool; it is purpose-built for crypto financial operations.
Audit Metadata