inbox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and parses messages from the public AIBTC API (https://aibtc.com/api/inbox/{stxAddress}) and the SKILL.md/AGENT.md explicitly instructs treating server-supplied fields (e.g., payment.checkUrl) as canonical hints for inbox/payment flow, so untrusted, user-generated content can materially influence agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform cryptocurrency payments: the "send" subcommand requires an unlocked wallet with sBTC balance, builds a sponsored sBTC transfer (payment flow: POST → 402 challenge → build sponsored sBTC transfer → retry with payment header), returns a txid/amount, and exposes an MCP tool send_inbox_message for sending messages with x402 payment. This is a specific crypto transaction capability (wallet use and sending signed sBTC transfers), i.e., directly moving funds.