lightning-channel-factories

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.75). The links point to source/binary distribution by an unfamiliar numeric GitHub account plus a .win domain (both low reputation indicators) even though one link is a forum post, so they pose a moderate-to-high risk for untrusted or malicious executables without further verification.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md "Instructions" explicitly directs the user/agent to refer to the public SuperScalar GitHub repository and website (https://github.com/8144225309/SuperScalar and https://SuperScalar.win), which are open, user-generated third-party sources the agent would be expected to read and that could materially influence implementation decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about Bitcoin Lightning Network channel factory implementations and references cryptographic signing schemes and transaction-forwarding mechanisms: MuSig2 key aggregation, Schnorr adaptor signatures, HTLC/PTLC forwarding, watchtower breach detection, and support for regtest/testnet/mainnet. These are specific blockchain/crypto operational capabilities (signing and forwarding of payments) rather than generic documentation, so it provides direct crypto/financial execution-relevant functionality.