bitflow-limit-order

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly fetches live pool and active-bin price data from the public Bitflow API endpoints (e.g., https://bff.bitflowapis.finance/api/quotes/v1/pools and /api/quotes/v1/bins/{poolId}/active) as part of the required run/runCycle workflow, and those external responses are read and used to decide and execute on‑chain swaps, so third‑party content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading tool that creates and autonomously executes on-chain limit orders. It integrates BitflowSDK for swap routing/execution and Stacks libraries for transaction construction, wallet derivation, and keystore decryption. Commands and flags (e.g., set, run --confirm --wallet-password, --confirm to execute swaps) clearly perform signed transaction broadcasts (txId shown in outputs). This is a purpose-built financial execution capability (crypto/blockchain swaps and wallet signing), not a generic tool, so it grants direct financial execution authority.