runes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly calls public third‑party services (UnisatIndexer using the Unisat API and MempoolApi/mempool.space) to fetch rune balances, UTXOs and fee estimates, and those untrusted, user-originated indexer/blockchain data are read and used to build/sign/broadcast transactions, so external content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform cryptocurrency token operations on Bitcoin. It includes a "transfer" command that builds and broadcasts Rune transactions (Runestone OP_RETURN encoding), handles fee estimation and broadcasting, requires an unlocked wallet and an UNISAT API key, and returns txids/Explorer URLs. These are direct crypto transaction and wallet operations (signing/sending funds), not generic tooling, so it provides direct financial execution capability.