execution

Warn

Audited by Snyk on Feb 20, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill clearly ingests live market data from public third‑party platforms (Polymarket and Kalshi) via createExecutionService and runtime calls in index.ts (e.g., estimateSlippage, protectedBuy/marketBuy, TWAP, and the trigger/WebSocket feed note), and that external, user-driven market content directly influences trade decisions and subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute financial transactions: it provides chat commands and a TypeScript API to place limit, market, maker, and protected orders on Polymarket and Kalshi, includes order management (cancel, cancel-all, get open orders), slippage estimation, and requires API keys/private keys in createExecutionService. These capabilities directly send market orders and manage trades (i.e., move funds/executions on marketplaces), so it is a direct financial execution tool.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 08:51 PM