tiger-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public market and instrument data (e.g., prescreener and scanners call get_all_instruments / get_asset_candles in compression-scanner.py, correlation-scanner.py, funding-scanner.py and the DSL uses curl to https://api.hyperliquid.xyz/info), and that untrusted third‑party content is parsed and used to make trading decisions (create_position/close_position/ROAR tuning) as described in SKILL.md and the cron templates, so it can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading/execution system and includes specific APIs and functions for moving money: Senpi MCP via mcporter, commands like strategy_top_up (fund the wallet), strategy_create_custom_strategy, and explicit execution APIs: create_position, close_position, edit_position, cancel_order, plus guidance on orderType (MARKET, FEE_OPTIMIZED_LIMIT) and wallet/address in setup. It describes opening/closing/resizing positions, exchange stop-loss behavior, and mcporter call examples (e.g., senpi.close_position(...)). These are concrete financial execution capabilities (market orders, position management, wallet funding), not generic IO tools.