scorpion-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches leaderboard and trader position data from external sources (see SKILL.md referencing Hyperliquid's leaderboard) and in scripts/scorpion-scanner.py it calls mcporter_call("discovery_get_top_traders", ...) and mcporter_call("leaderboard_get_trader_positions", ...) to ingest untrusted, user-generated trader/position data that the agent directly reads and uses to make trading decisions (entries/exits), enabling indirect prompt-injection risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading bot: it discovers top traders, "mirrors entries", manages position sizing/margin, and issues immediate exits and partial closes (e.g., "Close 25%", "Close 50%", "Close 100% immediately"). It requires DSL High Water Mode state files for dynamic stop/lock behavior and defines margins, max positions, drawdown limits, and cron jobs for executing scans and DSL routines. These are specific, primary financial operation actions (placing/closing trades, managing margin), not generic tooling. Therefore it grants direct financial execution capability.