nautilustrader
Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and consume live/public third-party data (e.g., TardisMachine/TardisHttpClient instrument metadata and WebSocket replays, and OKX REST/WebSocket market data and order endpoints) as part of normal workflows. That content is untrusted/user-generated and can directly affect trading decisions and subsequent tool actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill is explicitly a trading/execution integration. The documentation includes concrete APIs and code to create and submit orders (order_factory.market/limit/stop, self.submit_order, submit_order_list), modify and cancel orders (self.cancel_order, self.cancel_all_orders, self.modify_order), and manage execution algorithms and risk engines. It also documents exchange execution adapters (OKXExecutionClient, OKXLiveExecClientFactory), how to supply API credentials (OKX_API_KEY, OKX_API_SECRET, passphrase), order types (MARKET, LIMIT, STOP_MARKET, etc.), and REST/WebSocket endpoints for placing and tracking orders. These are specific market-order and exchange execution capabilities (i.e., tools to send transactions that move money/positions), so it provides Direct Financial Execution Authority.
Audit Metadata