lp-agent
Warn
Audited by Snyk on Feb 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's runtime workflow explicitly queries the public Meteora DLMM API (see scripts/list_meteora_pools.py and scripts/get_meteora_pool.py which call https://dlmm.datapi.meteora.ag) and consumes that data to select pools and drive strategy/configuration, so untrusted third‑party content can materially influence the agent's actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The deploy script (scripts/deploy_hummingbot_api.sh) clones and deploys code from the remote Git repository https://github.com/hummingbot/hummingbot-api.git at runtime (git clone → make deploy), which fetches and executes third‑party code required for the skill to function, so this external URL enables remote code execution.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for crypto financial operations. It includes wallet management (add/import Solana private keys via add-wallet.py), infrastructure to sign/send on-chain transactions (Hummingbot API + Gateway configured for Solana RPC), and commands/scripts that create and manage on-chain liquidity positions and trades (manage_executor.py and manage_controller.py create/deploy/stop LP positions, with states like OPENING/CLOSING and parameters for amounts, base/quote, auto-close, etc.). It also references SOL fees and requires a funded wallet. These are concrete blockchain wallet and transaction execution features (not generic browser/API callers), so the agent has direct financial execution capability.