alby-bitcoin-payments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to use "discover" to search the public index 402index.io and to use "fetch" to pay for and consume arbitrary service URLs (auto-detecting L402/X402/MPP), so the agent will ingest untrusted third-party content that can affect payment decisions and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs the agent/user to run npx -y @getalby/cli@0.6.1 (which fetches and executes remote code from the @getalby/cli package, repository: https://github.com/getAlby/cli), so this is a runtime dependency that executes remote code and is required for the skill.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly and specifically designed for cryptocurrency payments and wallet control. It exposes commands to send payments (pay-invoice, pay-keysend, fetch with automatic 402 payment), create invoices and hold invoices (make-invoice, make-hold-invoice, settle-hold-invoice), check balances and manage wallets (get-balance, connect, auth), and accepts a Nostr Wallet Connect connection secret. The CLI’s fetch command can automatically pay HTTP 402 endpoints and has spending limits (--max-amount). These are direct payment and wallet management operations (Bitcoin Lightning) — not generic tooling — so the skill grants direct financial execution capability.