crypto-trading-bots

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and interprets public on-chain and DEX data (e.g., provider.getCode(tokenAddress), getTopHolders(tokenAddress), simulateBuy/sell, and fetching prices/liquidity from DEXes), which are open/public, potentially user-controlled sources the agent ingests as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly focused on automated crypto trading (DEX sniping, arbitrage strategies, MEV protection, token snipers, auto trading, Telegram trading bots). Those capabilities are specifically designed to execute on-chain swaps/trades and interact with crypto execution flows (wallet signing, swaps, MEV tactics) rather than being a generic tool. Under the policy, Crypto/Blockchain execution (wallets, swaps, signing, market orders) is a Direct Financial Execution capability, so this skill should be flagged.