jackal-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The producer (scripts/jackal-producer.py) fetches user-generated trader data via MCP calls like discovery_get_top_traders and discovery_get_trader_state, builds signal payloads, and hands them to the runtime LLM decision_prompt in runtime.yaml ({{signal_jackal_signals}}) which directly gates execution—so untrusted third‑party content is ingested and can materially influence LLM-driven actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading agent whose runtime performs order execution. The doc repeatedly states that the runtime "executes approved entries", "position_tracker" and "DSL exit engine" manage open positions, and even notes "order placement" latency (~2–3s). The install snippet requires a WALLET_ADDRESS and the architecture calls (discovery_get_top_traders, market_get_asset_data) and runtime-managed DSL clearly show this is designed to place market positions/trades (i.e., move financial assets). This is a specific financial execution capability, not a generic tool.