lnd

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt includes a hard-coded password ("devpassword") shown in example commands (docker exec eclair eclair-cli -p devpassword ...), which encourages embedding literal secrets in CLI invocations and thus requires the agent to output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). This skill includes explicit support for building from arbitrary GitHub PRs and commits (see docker-build.sh --pr / "Build from a GitHub PR" and use of the gh CLI), which pulls untrusted public user-generated content from GitHub that the agent may fetch and execute as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for cryptocurrency financial operations (Lightning Network / Bitcoin). It exposes wallet and payment functionality (lncli commands and RPCs) such as sendcoins, sendpayment, addinvoice, newaddress, openchannel/closechannel (which fund/settle on-chain and Lightning channels), and walletrpc/signrpc build tags and gRPC/REST ports. These are direct transaction- and wallet-management operations that can move funds and sign transactions (crypto/blockchain capability), so it grants direct financial execution authority.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:16 PM