meme-trader
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill fetches and directly ingests live, public data from third-party sources (e.g., Dexscreener API calls in scripts/fetch-meme-data.ts, social sentiment scraping of Twitter/X and Telegram as listed in the ML/Social sections, and pump.fun). These sources are untrusted, user-generated content that the agent reads and interprets to generate signals.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading system for Solana memecoins ("meme-trader") and includes components that enable moving crypto value: it names Jupiter (swap routing/price impact) and Helius/Shyft (RPC/transaction parsing), describes "trade execution support," provides concrete trade signals with position sizes ("Size: 2% port", position size rules up to 5%), and references portfolio trade workflows and signal-to-trade pipelines. It also mentions handling private keys (security note: "Never expose private keys or wallet seeds"), implying integration with wallet/RPC functionality. These elements show the skill is specifically designed for cryptocurrency trading (building/executing swaps/transactions), not just generic analysis, so it grants direct financial execution capability.