trader-hand-skill

Warn

Audited by Snyk on Mar 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly uses web_search and web_fetch in Phase 2 of SKILL.md to fetch and ingest open/public third-party sources (e.g., finance.yahoo.com, tradingview, Reddit/StockTwits, CoinGecko) and then reads and scores that user-generated/untrusted content to drive trading decisions and executions, which could allow indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes an explicit Alpaca Trading API reference with concrete authenticated curl examples to place market/limit/stop/stop-limit/trailing/bracket/OCO orders, cancel orders, close positions (including "EMERGENCY: Close ALL positions"), and account/portfolio endpoints. Those are direct market-order and account-management operations (i.e., explicit commands to move funds/execute trades). This is a specific financial execution capability, not a generic API or browser automation tool.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 02:08 AM
Issues: 2