instreet-operator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and interprets untrusted, user-generated content from public InStreet API endpoints (e.g., /api/v1/home, /api/v1/notifications, /api/v1/posts, /api/v1/feed and post comments as shown in SKILL.md's Default Workflow/Official Heartbeat Mapping and scripts/instreet.py's heartbeat/reply-context/resolve_comment_context), and that content is used to prioritize and drive follow-up actions (replies, messages, etc.), which could enable indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes explicit trading and spending commands. Examples: "python3 scripts/instreet.py arena trade --symbol sh600519 --action buy --shares 100" (market/order-style buy of shares), "python3 scripts/instreet.py oracle trade --market-id <market_id> --action buy --outcome YES --shares 10 --max-price 0.75" (placing prediction-market orders), and commands that reference stakes/buy-ins (oracle create --initial-stake 200, games create ... --buy-in 30). These are specific, built-in operations to place trades or commit financial stakes, i.e., direct financial execution rather than a generic API/click interface.