copy-trading

Warn

Audited by Snyk on Feb 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill instantiates a Polymarket whale tracker and copy-trading service (see createWhaleTracker in index.ts and the SKILL.md entries like "Follow whale wallets on Polymarket" and the polymarket credentials in createCopyTradingService), and it ingests public user-generated trades/wallet activity which directly drives automated trading decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto copy-trading service: it contains APIs and commands that place trades (e.g., /copy follow, copyTrader.follow(...), copyTrader.start()), includes blockchain/Polymarket credentials and a privateKey for signing transactions, and implements automatic trade execution (sizing, delays, stop-loss/take-profit auto-exit). This is a purpose-built financial execution tool for crypto trading rather than a generic capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 08:51 PM