bittensor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill invokes the bittensor SDK/CLI (e.g., scripts/metagraph.py and subnets.py) to query the public Bittensor metagraph and subnet data on mainnet/testnet, ingesting openly hosted, user-controllable network fields (validator names, metadata, etc.) that the agent is expected to read and could carry indirect prompt-injection content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for interacting with the Bittensor blockchain and includes wallet- and staking-related commands (e.g., btcli wallet balance, btcli stake list, btcli subnets register --wallet.name default). Those are specific crypto/blockchain wallet and staking operations (capable of querying and managing on-chain funds), not generic tooling. That meets the "crypto/blockchain (Wallets, Swaps, Signing)" criterion for direct financial execution.