trading-signals

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md and reference/daily-trading-workflow.md) explicitly instructs the agent to fetch and ingest live public third‑party data and social signals—e.g., Polygon.io, yfinance, Binance, CoinGecko, Alpaca MCP for live market data and SignalSiphon/Twitter/Reddit sentiment—which the agent is expected to read and which directly drive trading decisions and executions, creating a clear avenue for indirect prompt injection from untrusted/user-generated sources.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading system and references broker/exchange APIs and an execution engine. It names Alpaca SDK (stock/options/crypto trading + data), Binance, Deribit, IBKR and Polymarket under brokers, an "Execution" node in the 8-node trading pipeline, and NautilusTrader as an execution engine. The success criteria even require "Clear action: BUY/SELL/HOLD/ROLL/CLOSE with specific levels." These are specific market-order/broker integration capabilities (not generic tooling), so it grants direct financial execution authority.