nautilustrader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation and workflow explicitly instruct connecting to and ingesting data from external public services (e.g., TardisHttpClient/TardisMachine WebSocket replays and the OKX data/execution clients described throughout SKILL.md and the references), and that live/historical market and instrument data are subscribed to and used by strategies to drive order submission and other actions, so untrusted third‑party content can materially influence agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The skill is an algorithmic trading platform reference (NautilusTrader) and explicitly documents live order execution and account integration. It contains concrete, non-generic trading/execution APIs and examples: order_factory.market/limit/stop_market, self.submit_order(), cancel_order(), modify_order(), batch submit/cancel, exec client/adapters (OKXExecutionClient, OKXLiveExecClientFactory), exchange integration (Binance Futures, OKX), API key/passphrase environment variables, demo vs production modes, and execution client configuration for live trading. These are direct market-order and exchange-account controls (crypto exchange order placement and account management), not generic tooling. Therefore it grants direct financial execution capability.