octobot-stack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill ingests untrusted third‑party content: octobot-evaluators includes Social/TwitterSentiment evaluators that fetch tweets/news, octobot-services exposes a WebhookService that accepts arbitrary POST payloads, and octobot-tentacles-manager can install tentacle packages from arbitrary URLs — all of which the agent is expected to read/interpret as part of its workflows.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a cryptocurrency trading bot development guide. It describes exchange integrations, trading logic, "orders" and "portfolio management", exchange tentacles/connectors that inherit from RestExchange or CCXTConnector, and CCXT build/edit workflows. These are specific, finance-facing components (crypto exchange APIs / market order integrations) intended to place trades and manage funds, not generic tooling. Therefore it grants direct financial execution capability.