condor-strategy
Warn
Audited by Snyk on Apr 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The scanner (scripts/condor-scanner.py) calls cfg.mcporter_call("leaderboard_get_markets") and cfg.mcporter_call("market_get_asset_data") to ingest SM/leaderboard and funding data (user-generated trader consensus and market feeds) from external MCP endpoints and then directly uses that untrusted third‑party content to score assets and drive trade decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy that configures a wallet and a runtime to place positions. It substitutes a WALLET_ADDRESS into runtime.yaml, references a trading runtime (senpi-trading-runtime / openclaw senpi), includes position/leverage rules (7x, entries/day, margin scaling), and states that it "enters the strongest thesis" with DSL-managed exits. These are specific crypto trading/transaction capabilities (wallet configuration + automated order execution), not generic tooling, so it grants direct financial execution authority.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).