souldinals

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and parses user-generated inscription content from the Unisat Ordinals API (https://open-api.unisat.io) — e.g., fetchInscriptionContent/fetchSoulInscriptions in souldinals.ts and SKILL/AGENT docs — and the agent is expected to read that markdown (used to "reload agent identity context" and parse traits), so arbitrary third-party content can influence agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly built to perform Bitcoin blockchain transactions: it requires an unlocked wallet with BTC balance, constructs and broadcasts commit and reveal transactions, specifies reveal amounts in satoshis and fee rates, and returns transaction IDs/Explorer URLs. These operations involve signing and sending on-chain transactions (moving BTC) — a direct crypto/blockchain execution capability.