blave-quant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls public third‑party APIs and streams (e.g., Blave API endpoints like GET /alpha_table and /kline, Hyperliquid endpoints such as /hyperliquid/trader_history/top_trader_position, and the TradingView SSE stream GET /sse/tradingview/stream — and even references a Truth Social monitor example) and the agent is instructed to read and act on those signals for screening, backtests and trading decisions, so untrusted/user-generated content can materially influence its actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides direct trading and account-management integrations with multiple exchanges (BitMart, OKX, Bybit, BingX, Bitget, Binance, Bitfinex) and documents concrete WRITE operations: place/modify/cancel orders (limit/market/algo/OCO/TWAP/plan/TP-SL/trailing), open/close positions, adjust leverage/margin, submit/cancel funding offers/loans/credits, and wallet/sub-account transfers. These are specific financial execution actions (sending transactions/orders and moving funds), not generic tooling. Although a mandatory "CONFIRM" safety flow is required, the skill still grants the agent the ability to execute financial transactions when confirmed by the user, so it meets the criterion for Direct Financial Execution.