predictfun
Warn
Audited by Snyk on Feb 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill fetches market data (questions, descriptions, outcomes, tokenIds) from the public Predict.fun API (see the calls to predictfun.getMarkets and predictfun.getMarket in index.ts and the "Market Data" commands in SKILL.md). This is open third-party/user-generated content that the agent reads and uses to decide and execute trades (e.g., selecting a tokenId and creating orders), so untrusted content can influence tool actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for on-chain trading on Predict.fun (BNB Chain). It includes commands to place buy/sell orders, cancel orders, redeem/merge outcome tokens, check balances/positions, and requires a PREDICTFUN_PRIVATE_KEY (0x...) for order signing. These are direct crypto transaction and market-order capabilities (wallet signing + executing trades), so it grants direct financial execution authority.