trading-manifold
Warn
Audited by Snyk on Feb 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill routinely fetches market data from the public Manifold API (e.g., /search-markets, /market, /trending, /bets in SKILL.md and index.ts). That data contains user-generated questions/descriptions and probabilities, which the agent reads and uses to make trading decisions (including automated bet placement), so untrusted third-party content can materially influence actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading/betting integration for Manifold Markets using their REST API and an API key. It defines authenticated POST endpoints that perform transactions: place_bet (POST /bet), bet_multiple_choice (POST /bet), sell_shares (POST /market/{id}/sell), cancel_bet (POST /bet/cancel/{id}), create_market (POST /market), plus an automated trading bot that issues bets programmatically. These functions directly execute financial actions (placing/canceling orders, selling shares, creating markets) rather than providing a generic HTTP or browser tool. Although the currency is "Mana" (play money), the skill's primary and explicit purpose is to move funds/shares on behalf of the user, so it meets the definition of direct financial execution.
Audit Metadata