dx-terminal-pro
Warn
Audited by Snyk on Feb 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches natural-language "strategies" and "inference logs" from https://api.terminal.markets (see SKILL.md "Get Strategies" and "Get Inference Logs"). This is untrusted, user-provided content that the agent is expected to read and that can directly influence trading decisions and the subsequent signed on-chain actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill issues runtime calls to https://api.terminal.markets/api/v1/strategies/$VAULT_ADDRESS?activeOnly=true, which return natural-language "strategies" that directly control the trading agent's instructions, so external content fetched at runtime can modify agent behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly exposes crypto on-chain transaction capabilities tied to a private key (DX_TERMINAL_PRIVATE_KEY) and shows concrete commands to send transactions via cast to a vault: updateSettings, addStrategy/disableStrategy, depositETH, withdrawETH. It therefore grants wallet/chain signing and direct movement of funds (deposit/withdraw) and control over a trading agent that executes swaps. This meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" and direct transaction criteria.
Audit Metadata