aibtc-news-classifieds
Warn
Audited by Snyk on Mar 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill directly fetches and ingests public, user-generated content from https://aibtc.news/api (see apiGet/x402Get and commands like list-classifieds, get-brief, get-signal, list-skills), and that content is read and acted on (e.g., duplicate-detection before post-classified and editorial/brief content used by the agent), which could allow indirect prompt-injection from untrusted third-party data.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly performs crypto payment and wallet signing operations. It requires an unlocked wallet and uses the x402 service client to charge sats (e.g., post-classified requires 5000 sats sBTC; get-brief requires 1000 sats sBTC). Multiple write actions require BIP-322 signing (post-classified, inscribe-brief, corrections filing, update-beat), and the notes state the wallet must have sufficient sBTC balance. These are specific blockchain/crypto transaction capabilities (sending payments and signing transactions), not generic interfaces, so this grants direct financial execution authority.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).