trade
Warn
Audited by Snyk on Mar 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests and interprets open/public third-party content—tweets, YouTube, articles, PDFs, screenshots and arbitrary URLs—via required scripts like skill/scripts/extract.ts and required web-search/discover flows (see SKILL.md §4, §7 and references/dense.md), and uses that content to drive routing, pricing, and trade actions, so untrusted user-generated content can materially influence agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs remote-install code at runtime (curl -fsSL https://bun.sh/install | bash) and supports an in-run git update (git -C <repo_root> pull origin main, i.e. https://github.com/rohunvora/paste-trade) that fetches repository code which can change agent behavior. These external URLs are therefore runtime dependencies that execute remote code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for trading and routing tradeable theses to executable instruments on named trading venues (Hyperliquid, Robinhood, Polymarket). It includes venue-specific discovery and routing scripts (discover.ts, route.ts) that return execution metadata (executable, shares_available, selected_expression with instrument/platform/ticker), pricing commands, and a post.ts/finalize flow for posting trades. This is a purpose-built financial execution pipeline (market orders/instrument routing), not a generic API caller or browser automator—so it grants direct financial execution capability.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).