clams

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's onboarding and workflows explicitly direct the agent to create and use public onchain sources (e.g., references/onboarding.md instructs creating an Esplora source at https://blockstream.info/api) and to run commands like clams connections sync and clams rates sync that ingest and parse JSON from external, public APIs and user-provided CSVs, which the agent must read and whose content can materially influence subsequent processing and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for Bitcoin and Lightning bookkeeping and includes specific crypto/blockchain integrations: "add wallets", "list/update/delete connections", "onchain sources (Esplora, Electrum, Bitcoin RPC)", and "Lightning connections". These are specific blockchain/wallet APIs and connection management (not just generic HTTP or browser automation) and therefore fall under the Crypto/Blockchain category in the rules. Even though the skill focuses on accounting/reporting (not explicitly broadcasting/signing transactions), it is specifically designed for crypto financial operations and exposes wallet/on-chain integration functionality—so it meets the criterion for Direct Financial Execution risk.