hodlmm-range-keeper

Warn

Audited by Snyk on Apr 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill fetches live pool and user-position data from external APIs (e.g., https://bff.bitflowapis.finance used by fetchAllPools/fetchUserPositions and https://api.hiro.so used by fetchStxBalance) which the agent directly reads in its status/plan/recenter/run workflows and uses to build and execute MCP tool calls, so third-party responses can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto liquidity-position manager that performs on-chain transactions: it withdraws liquidity, harvests fees, and re-deposits principal. The doc states "Writes to chain: Withdraws liquidity and re-deposits into new bins. Real funds move," and that execution is performed via MCP tool calls (bitflow_hodlmm_remove_liquidity, bitflow_hodlmm_add_liquidity). It includes gas caps, cooldowns, and a live recenter/run --confirm command to execute transactions. These are specific blockchain financial operations (wallet/transaction signing and fund movement), so it meets the Direct Financial Execution criteria.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 8, 2026, 02:45 AM
Issues: 2