deepbook-margin-trading-skill

Warn

Audited by Snyk on Feb 22, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's examples and workflow (e.g., examples/liquidation-bot.md and conditional-orders.md / trading-operations.md) explicitly fetch and rely on public third‑party data — such as getting all managers from an indexer/subgraph and reading Pyth Network price feeds via getCurrentPrice/getPriceInfoObjects — which the agent must read and which directly drive keeper/liquidation/order-execution decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto margin-trading SDK for the Sui blockchain and includes concrete transaction-level operations to move assets and execute trades: depositBase, borrowQuote, poolProxy.placeLimitOrder, place market/limit orders, supply assets, liquidation operations, and examples building Transaction objects. These are specific blockchain financial-execution capabilities (trading, borrowing/lending, liquidations) — not generic browser or HTTP helpers — so it grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 08:44 AM