senpi-trading-runtime

Warn

Audited by Snyk on Apr 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The migration guide (references/migration-from-dsl-cron.md, Step 1) explicitly instructs checking and pulling runtime.yaml from a public GitHub URL (https://github.com/Senpi-ai/senpi-skills/.../runtime.yaml) and using its contents to build/install runtimes, so arbitrary public GitHub content can directly influence configuration and runtime actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for on-chain trading and automated exit execution. It describes an on-chain "position tracker" and a "DSL exit engine" that applies two-phase trailing stop-loss protection and enforces exits (including updating exchange stop-loss and producing close reasons like "exchange_sl_hit"). It also references Senpi MCP methods that create strategy wallets with an explicit initialBudget parameter (strategy_create_custom_strategy with initialBudget), and requires linking an existing strategy wallet address for runtime actions. These are specific crypto/trading capabilities (wallets, budgets, automated closes/exit actions) rather than generic tooling, so the skill grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 2, 2026, 08:41 AM
Issues: 2