stacks-market

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI and agent explicitly fetch and consume public, user-generated market data from https://api.stacksmarket.app (see fetchMarketApi in stacks-market.ts and the list-markets/search-markets/get-market commands in SKILL.md/AGENT.md), and that external content is used to choose markets and drive trading actions, so untrusted third‑party content can materially influence the agent's decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading interface for the Stacks mainnet. It exposes write operations that send on-chain transactions (buy-yes, buy-no, sell-yes, sell-no, redeem), requires an unlocked wallet, returns txids/explorer URLs, and references moving STX (including PostConditionMode.Allow and gas fees). These are specific blockchain/crypto execution capabilities (sending transactions, signing with a wallet, moving funds), not generic tooling. Therefore it grants direct financial execution authority.