hydra

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill’s runtime code (scripts/hydra-scanner.py and scripts/hydra-monitor.py) calls mcporter_call for leaderboard_get_markets, leaderboard_get_top and market_get_asset_data to ingest live leaderboard/market data (user-generated trader leaderboard signals and public market feeds) and directly uses those signals (EM source, candidate discovery, FDD re-checks, scoring and sizing) to make trading decisions and trigger actions, so untrusted third-party content can materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The HYDRA skill is explicitly a crypto trading system that opens, manages, and closes leveraged positions. It references concrete trading actions and APIs (e.g., create_position, strategy_get_clearinghouse_state, clearinghouse state, writing DSL position state files), enforces position limits, leverage caps, margin rules, trailing-stop DSL management, and a monitor that can output and must be acted on with FORCE_CLOSE or FORCE_CLOSE_ALL. The scanner generates complete DSL state and the agent is required to write that state and execute position lifecycle behavior. These are specific, purpose-built market-order/position-management capabilities for crypto assets (market entries/exits, force-closes, position sizing) — not generic tooling. Therefore this skill grants direct financial execution authority.