l402

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required buyer workflow explicitly instructs the agent to fetch and act on arbitrary public URLs using lnget (e.g., "lnget --max-cost 500 https://api.example.com/data" in references/lightning-agent-tools-playbook.md and SKILL.md), so the agent will ingest untrusted third-party API/web content and make payment/behavioral decisions based on that content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly implements Lightning (Bitcoin) payment infrastructure and buyer/seller payment flows. It references lnd (node and wallet creation), a remote signer and signing operations, baking scoped macaroons (pay-only, invoice-only), lnget for paying gated APIs, aperture paywalls, invoices/payments, and scripts to start nodes and perform payments. These are concrete crypto/blockchain wallet and payment operations (signing, issuing/settling invoices, sending payments), not generic tooling. Therefore it grants direct financial execution capability.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 08:50 AM