moon-dev-trading-agents
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill includes agents that ingest public user-generated content—e.g., rbi_agent explicitly accepts YouTube URLs and PDFs to extract strategy logic and there are websearch_agent and tweet_agent components—so the system will fetch and interpret untrusted third-party web/social-media content that could carry indirect prompt injections.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly built for cryptocurrency trading and includes exchange-specific trading functions and secrets. It names exchanges (Hyperliquid, Solana/BirdEye, Extended/X10), documents .env secrets for blockchain/private keys and API keys (e.g., SOLANA_PRIVATE_KEY, HYPER_LIQUID_ETH_PRIVATE_KEY, X10_PRIVATE_KEY), and exposes concrete trade APIs such as market_buy(), market_sell(), get_position(), close_position() with leverage settings. Those are direct transaction/execution primitives (market orders, position management, signing keys), not generic tooling. Therefore it grants direct financial execution authority.