ordinals-marketplace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and ingests untrusted public marketplace data (see SKILL.md "Browsing Marketplace via API" and the runtime scripts scripts/search.ts and scripts/listings.ts which call https://api.1sat.app/1sat/owner/... and content endpoints), and the agent reads listing BEEF/OrdLock data (noted in "How Purchase Works") to extract price and payAddress which directly drive transaction construction and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a blockchain marketplace integration: it exposes actions like purchaseOrdinal, listOrdinal, transferOrdinals and cancelListing that build, sign, and broadcast transactions, set prices in satoshis, pay sellers and marketplace fees, and require wallet/BEEF (SPV proofs). These are specific crypto/payment operations (wallet signing, sending on-chain funds), not generic tooling, so it grants direct financial execution capability.