jaguar-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's README and SKILL.md explicitly instruct downloading runtime.yaml, SKILL.md, and scripts from raw.githubusercontent.com (public GitHub URLs) and to "cat /data/workspace/skills/senpi-trading-runtime/SKILL.md" during bootstrap, so the agent is expected to ingest public third‑party files (runtime/config and CLI docs) whose contents can materially influence runtime behavior and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy that interfaces with on-chain positions and a runtime that manages position creation and exits. It references create_position, a position_tracker that "auto-detects position opens/closes on-chain", setting a "strategy wallet address" in runtime.yaml, and CLI commands (openclaw senpi runtime create, openclaw senpi dsl positions / inspect) used to install and manage the trading runtime. These are concrete blockchain/crypto trading controls (wallet address, on-chain positions, position creation/exit) — not generic automation — and therefore constitute direct financial execution capability.