sweep-import

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly passes WIF private keys as string literals (e.g., wif: 'L1aW4aubDFB7yfDYK...') and thus would require the agent to accept and emit private key values verbatim, which is direct secret handling/exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow (see "Building Sweep Inputs" and the migration examples) explicitly fetches UTXOs from the public API https://api.1sat.app/.../txos and performs BEEF locking-script fetches while ingesting ordinal MAP metadata (name/contentType/custom instructions) that are then used to build and sign sweep transactions, so untrusted third‑party data can directly influence tool behavior and future actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides functions to move crypto assets: sweepBsv, sweepOrdinals, sweepBsv21 and examples that build and submit transactions using a WIF private key. It describes signing inputs, consolidating tokens, paying overlay fees, and submitting transactions (e.g., sweepBsv.execute(ctx, { inputs, wif })). This is a specific crypto-wallet transaction capability (wallet signing and sending), which meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.