Hyperbot Trading Analytics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to connect to an external MCP SSE endpoint (https://mcp.hyperbot.network/mcp/sse) and call tools that fetch data from public third‑party APIs referenced in references/prompts-reference.md (e.g., https://hyperbot.network/api/leaderboard/... and https://open.aicoin.com/...), and that fetched, untrusted public data is then fed into analysis prompts that materially influence recommendations and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs clients to run remote packages (e.g., "npx -y mcp-remote https://mcp.hyperbot.network/mcp/sse" and "npm install -g mcp-remote"/"npm install -g mcporter"), which fetches and executes remote code at runtime to connect to https://mcp.hyperbot.network/mcp/sse, making it a required runtime dependency that executes external code.