opinion
Warn
Audited by Snyk on Feb 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill fetches live market and orderbook data from the public Opinion.trade feed (see feed.searchMarkets / feed.getMarket / feed.getOrderbook in index.ts) and then uses market.outcomes/tokenId values to drive trading actions (handleBuy/handleSell), exposing the agent to untrusted, user-generated market content that can materially influence execution.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading integration for Opinion.trade (a BNB Chain prediction market) and provides commands to place and cancel orders (/op buy, /op sell, /op cancel, /op cancelall), view balances and positions, and requires an OPINION_PRIVATE_KEY and multisig address for trading. It uses on-chain signing (EIP-712) and BNB Chain transactions. These are specific crypto/blockchain financial execution capabilities (sending signed transactions, placing market/orders), not generic tooling. Therefore it grants direct financial execution authority.