opportunity

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt shows credentials passed inline in code (e.g., polymarket: { apiKey, apiSecret, passphrase, privateKey }), which instructs embedding secret values directly in generated configuration/code and thus requires the LLM to handle/output secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly scans and ingests market data from public prediction platforms (Polymarket, Kalshi, Betfair, etc.) as shown in SKILL.md and in index.ts (createOpportunityFinder, createFeedManager, finder.scan), and it displays and uses untrusted market question text and match verification (formatOpportunity, matchVerification) to drive matching and execution decisions—so third-party content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to find and execute arbitrage across real prediction-market platforms and includes concrete execution functionality and credential fields. It requires API credentials (apiKey, apiSecret, privateKey) for platforms like Polymarket and Kalshi and exposes an execute(opportunityId, { size, maxSlippage, ... }) method and CLI commands (/opportunities execute --size 100) that perform trades and report fills, fees, P&L. Those are direct market-order / transaction operations on financial platforms (moving capital), not generic tooling. Therefore it grants direct financial execution authority.