fox-strategy
Fail
Audited by Snyk on Apr 5, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). Both links point to a small/unverified project (a niche .ai domain and a GitHub repo) that instructs installing and running Python scripts/crons — which effectively distributes executable code; while not an immediate red flag like an .exe or obfuscated redirect, the unknown author/repo and instructions to run code on a host make it a potentially risky/untrusted source that should be fully inspected and sandboxed before use.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The scanner explicitly calls mcporter_call("leaderboard_get_markets") and market_get_asset_data in scripts/fox-scanner.py (also documented in SKILL.md) to ingest live, external market/leaderboard data and then directly uses that untrusted input to generate signals, build DSL state, and drive position creation, so third-party content can materially influence agent decisions and actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly an automated trading strategy that opens and closes market positions. It defines a clear procedural flow to execute trades: verify clearinghouse state (strategy_get_clearinghouse_state), check exchange max leverage, and call create_position to open trades; it also enforces leverage (7–10x), position limits, entry/exit rules, and records results. These are specific market-order/position-management operations (i.e., moving capital on exchanges), not generic tooling. Therefore it grants direct financial execution capability.
Issues (3)
E005 (CRITICAL): Suspicious download URL detected in skill instructions.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata