owl-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The scanner (scripts/owl-scanner.py) calls MCP tools that pull live market and leaderboard data (mcporter_call("market_list_instruments"), mcporter_call("leaderboard_get_markets"), mcporter_call("market_get_asset_data")) which are external, third‑party market/leaderboard feeds described in SKILL.md and are parsed by the agent to score crowding/exhaustion and directly drive create_position, so untrusted third‑party content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a self-executing trading strategy. It states the scanner "calls create_position directly via mcporter" and "when a score ≥ minScore candidate is found, the scanner executes the entry order itself — no external action layer required." The doc also describes order management behaviors (auto-cancel stale resting orders, maker entries), DSL trailing-stop execution, max positions, entry caps, drawdown circuit breakers, and position tracking. It targets crypto assets (mentions ZEC/MON/LIT, funding rates, OI) and specifies market-entry/exit logic (enter against the crowd, re-crowding exit, DSL High Water Mode). These are concrete market order / crypto trading execution actions — i.e., direct financial execution.