blink

Status: Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill accepts and acts on untrusted third-party inputs and API responses (for example BOLT-11 invoices, Lightning Addresses, LNURLs, and Blink GraphQL/WebSocket responses used in pay_invoice.js, pay_lnaddress.js, pay_lnurl.js, create_invoice.js, and the SKILL.md workflows). The agent parses this content and can trigger payments or other actions on the basis of it, so external content can materially influence tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a custodial Bitcoin Lightning wallet interface (Blink) with built-in commands and API mutations that move money: create invoices, pay BOLT-11 invoices, pay Lightning Addresses and LNURLs, estimate fees, and execute internal BTC<->USD swaps. It documents Write-scoped API keys and GraphQL mutations (lnInvoicePaymentSend, lnAddressPaymentSend, lnurlPaymentSend, intraLedgerPaymentSend, intraLedgerUsdPaymentSend) and provides CLI scripts (pay_invoice.js, pay_lnaddress.js, pay_lnurl.js, swap_execute.js) that perform actual fund transfers. This is a specific financial execution tool (crypto wallet, payments, swaps), not a generic API caller or browser automation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 05:26 PM