cast

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill makes HTTP requests to external Scrolls endpoints (e.g., derive-scrolls-address.sh and cast-sign-and-broadcast.sh use curl against the /address and /sign paths under CAST_SCROLLS_BASE_URL) and can also POST to a broadcast URL (CAST_MEMPOOL_BROADCAST_URL). Those untrusted third-party responses are parsed and used to derive addresses, signatures, and broadcast decisions, all of which materially affect transaction signing and broadcasting.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly implements Bitcoin DEX operations: order creation, cancellation/replacement, partial fills, signing, and broadcasting transactions. It requires wallet/transaction tools (bitcoin-cli, sign-txs, cancel-msg, charms), UTXO/funding inputs, change addresses, and operator-signed fulfill payloads, and it includes scripts to sign-and-broadcast and to run autotrade loops. These are specific crypto transaction and signing capabilities (not generic), i.e., direct financial execution.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 08:18 PM