moneydevkit
Warn
Audited by Snyk on Feb 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's agent-wallet workflow explicitly states "Destination auto-detection supports Bolt11/Bolt12/LNURL/Lightning address" (references/agent-wallet-operations.md). Resolving LNURL and Lightning-address destinations requires fetching and ingesting metadata from arbitrary external endpoints (third-party servers), and the agent interprets that metadata to determine payment destinations and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill runs npx/npm at runtime to fetch and execute remote packages (e.g., "npx @moneydevkit/agent-wallet@latest", "npx @moneydevkit/create@latest", "npm install @moneydevkit/nextjs" / "@moneydevkit/replit"). Each of these fetches downloads and executes remote code that the skill relies on, so they represent an external code execution risk.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for payments and crypto wallet operations. It references Lightning checkout flows, an "agent-wallet" for autonomous agents, self-custodial nodes, mnemonic custody, API keys, and workflows that can "receive", "send", and inspect "payments". It also includes commands and integrations for creating checkouts and verifying paid status. These are specific crypto/payment primitives (wallet management and transaction sending), so this grants direct financial execution capability.