hodlmm-signal-allocator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill fetches and directly ingests public aibtc.news signals (see AIBTC_SIGNALS_API: https://aibtc.news/api/signals and the fetchBitcoinMacroSignals function / SKILL.md), which are untrusted third-party, user-generated content that the agent reads and uses to compute signal_score and gate/trigger live swaps — allowing those external signals to materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly implements on-chain crypto execution: it computes signals/risks then executes a Bitflow swap (STX → sBTC) via the Bitflow SDK/API, requires a funded wallet and gas reserve, returns txId and explorerUrl, and exposes a run --amount-stx [--confirm] command that broadcasts the swap (with --dry-run available). These are specific crypto/blockchain transaction capabilities (wallet interaction, swaps, broadcasting transactions), so it grants direct financial execution authority.