pangolin-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The scanner (scripts/pangolin-scanner.py) calls mcporter_call("market_list_instruments") and mcporter_call("leaderboard_get_markets") to ingest external market and SM/leaderboard data in scan_funding_extremes, and that untrusted third‑party/user‑generated content is directly read, scored, and used to decide and execute trading actions (execute_entry), so it can materially influence the agent's behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an explicit trading strategy: it scans instruments (OI > $3M), selects assets, opens leveraged positions opposite funding rate direction, and collects funding every 8h. It describes entry/exit logic, leverage (3-5x), and runtime DSL for exits—i.e., it is designed to place and manage market positions (trade execution). This is not a generic tool; its primary purpose is to move capital via trading/market orders and thus constitutes direct financial execution capability.