robonet-workbench

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls tools such as get_all_prediction_events and get_prediction_market_data to fetch public Polymarket prediction-market data (user-generated/open-web content) and the agent is expected to read and analyze that content as part of its workflows, creating a clear avenue for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The skill is explicitly for building, backtesting, and deploying live crypto and prediction-market trading strategies. It includes deployment tools (deployment_create, deployment_start/stop) to launch live trading on Hyperliquid using an EOA or Hyperliquid Vault, references wallet requirements (EOA, 200+ USDC vault), and the strategy framework includes execution methods (go_long, go_short, on_open_position) that perform trade entries/position sizing. It also exposes account/credit management and transaction history. These are specific crypto trading and wallet/deployment capabilities that can execute market orders and move funds.