droyd

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Content Search and Project Search workflows (SKILL.md and references/search.md / references/project-search.md) explicitly ingest public user-generated content types (posts, tweets, YouTube, news) which the agent reads and uses—e.g., virality analysis and research flows that feed autonomous trading—so third-party content can influence decisions and tool actions, enabling indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading/wallet agent. It includes direct trade execution commands (scripts/droyd-trade-open.sh, droyd-trade-manage.sh, positions checks, close/sell), autonomous trading with stop-loss/take-profit and quant strategies, agent creation that provisions wallets and API keys, and scheduled trading tasks. Supported chains and trading leg types (market_buy, limit_order, stop_loss, take_profit, quant_buy/sell) indicate native crypto/transaction actions rather than generic tooling. This matches the “Crypto/Blockchain (Wallets, Swaps, Signing)” and “Market Orders (Buying/Selling stocks or assets)” criteria for direct financial execution.