ordinals

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill documents that ord server serves arbitrary, user-generated inscription content (e.g., via /content/<INSCRIPTION_ID> and the recursive /r/... endpoints described in references/features-inscriptions-recursion.md) and explicitly warns this content is untrusted and can include HTML/JS (features-server-security.md), meaning third-party inscriptions can be fetched and could influence rendered behavior or tooling decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly implements a Bitcoin Ordinals wallet and transaction functionality. The prompt states "ord is an index, block explorer, and CLI wallet" and mentions "wallet subcommands for inscribing and sat-aware sends," "inscribing," and "runes ... minting, transferring." It also exposes a JSON API and wallet subcommands for batch inscribing and sends. Those are specific crypto/blockchain wallet and transaction operations (signing/sending/minting), which constitute direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 09:46 PM