raptor-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The scanner directly ingests public trader and market data via mcporter_call to endpoints such as discovery_get_top_traders, leaderboard_get_top, leaderboard_get_trader_positions, leaderboard_get_markets and market_get_prices, and then interprets that untrusted, user-generated leaderboard/position content to build signals and autonomously execute trades — so third‑party content materially influences actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The README and SKILL.md explicitly instruct fetching and then running remote Python code from raw.githubusercontent.com (e.g. https://raw.githubusercontent.com/Senpi-ai/senpi-skills/main/raptor/scripts/raptor-scanner.py and related raw.githubusercontent.com URLs), which means remote code is downloaded and executed as a required step for the skill.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy that self-executes market activity. It names and describes direct order/position APIs and behaviors: "self-executing — scanner calls create_position directly via mcporter," leverage tiers (7x/8x/10x), auto-cancel of resting orders, dynamic daily P&L-aware entry caps, and per-asset cooldowns. Those are specific financial execution actions (placing/canceling orders and managing positions), not generic tooling. Therefore it grants direct financial execution authority.