transaction-building

Warn

Audited by Snyk on May 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly requires ingesting external "inputBEEF" (SPV proof chains) supplied by marketplaces or other users as part of the two-phase signing workflow (see "inputBEEF" and the completeSignedAction/createAction examples). That untrusted, user-supplied proof data is parsed and merged, and it directly affects transaction construction, signing, and submission, so third-party content could materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to build, sign, and submit cryptocurrency (BSV) transactions using the 1sat SDK and wallet integrations. It exposes specific actions like sendBsv, sendAllBsv, sweepBsv, sendOrdinals, sendUtxos, createAction/signAction/completeSignedAction, and low-level TxBuilder utilities — all of which perform or finalize on-chain transfers, batch payments, token operations, and signing workflows. These are direct crypto/blockchain transaction execution capabilities (wallet signing and broadcasting), not generic tooling, so it grants direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 8, 2026, 05:38 PM
  • Issues: 2