defi-trading-systems

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and references include runtime network calls that fetch and act on public third‑party data—e.g., FundingArbitrage refers to _fetch_all_rates from exchanges and the FlashbotsSubmitter/submit_bundle uses requests.post to Flashbots (and references/mev-protection.md shows submit_to_flashbots and querying public aggregators like 1inch/Paraswap/CowSwap)—so untrusted external prices/routes would be ingested and directly influence trading decisions and tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for DeFi trading and contains direct blockchain transaction signing and submission functionality. In particular, the FlashbotsSubmitter class uses eth_account.Account.from_key(signing_key) to load a private signing key, constructs and signs a transaction bundle (using Web3.keccak and signer.sign_message), sets the Flashbots signature header, and posts the bundle to a Flashbots endpoint (eth_sendBundle). This is explicit crypto wallet/signing and transaction submission functionality (direct financial execution), not a generic API caller or browser automation.