hustle
Warn
Audited by Snyk on Feb 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's monitoring/solver components explicitly fetch and interpret market data from open public sources—e.g., OpenSea (GUNZ collection), the Albion Online Data API, Odealo, community channels like Discord and Reddit, and scraped_prices.json via monitor.py—so it ingests untrusted, user-generated third‑party content as part of its workflow.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly describes a "Payout Pipeline" and "Manage GUNZ wallet and Odealo integration," plus "Vault Management" to access secure credentials for arbitrage accounts and workflows that check "gunz_wallet" connectivity. These are specific crypto/wallet and payout integrations (not generic browser or API callers) and indicate the skill is designed to manage funds/payouts and thereby can execute financial transactions. Therefore it meets the "Direct Financial Execution" criteria.