opentrade-newsliquid

Warn

Audited by Snyk on Apr 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The cross-skill workflows in this skill's SKILL.md explicitly instruct the agent to call external news and social-media skills (e.g., [opennews] and [opentwitter]) to "Search crypto news" and "Check KOL sentiment", and then to act (place trades) based on those signals. These are untrusted, user-generated third-party sources that the agent would read and use to drive trading actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is explicitly a centralized-exchange trading integration. It exposes specialized, money-moving endpoints such as POST /orders (place market/limit/stop/take-profit orders), PUT /orders/edit, DELETE /orders/:orderId (cancel), POST /positions/close (close positions), PUT /leverage/current (set leverage), and endpoints to update exchange API credentials and create/authorize wallet agents. These are specific financial execution functions (placing/editing/canceling trades, changing leverage, closing positions) — not generic tooling — so it grants direct financial execution authority.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 1, 2026, 08:42 AM
Issues: 2