bald-eagle-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The scanner (scripts/eagle-scanner.py) calls mcporter_call("leaderboard_get_markets") and market_get_asset_data to ingest live SM/leaderboard data (user-generated trader signals and market order-book info) and directly uses that untrusted third‑party content to score signals and call create_position, so external content can materially change agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The skill is explicitly a trading strategy with built-in execution: it targets trading on Hyperliquid, requires setting a wallet in runtime.yaml, the scanner "calls create_position internally", references execution mode (ensureExecutionAsTaker = false / Maker-only execution), a position tracker and RatchetStop runtime plugin, leverage/margin rules, max positions/entries and other order-related gates. Those are specific market-order/position-creation capabilities (directly moving capital), not generic tooling.