rhino-strategy

Warn

Audited by Snyk on Apr 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The scanner (scripts/rhino-scanner.py) repeatedly calls external market endpoints via cfg.mcporter_call (e.g., "market_list_instruments", "market_get_asset_data", "leaderboard_get_markets" in scripts/rhino-scanner.py and rhino_config.py) to ingest public market/leaderboard data which the agent directly reads and uses to decide entries and pyramid adds, exposing it to untrusted third-party content that can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy that opens positions, sizes entries, and issues adds at +10% and +20% ROE, uses margin/position sizing, and requires a scanner/cron to "scout" and "add to existing winners." It mandates creating DSL state files and a DSL cron to trail/close positions. Files and scripts (scripts/rhino-scanner.py, config/rhino-config.json) and notification events like "SCOUT opened" and "CONFIRM added" indicate the skill's primary function is to place and manage market trades (buy/sell and position adjustments), not a generic utility. This fits the Direct Financial Execution category (market orders / trading execution).

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 05:54 PM
Issues: 2