wolf-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scanner (scripts/emerging-movers.py) explicitly fetches public market/leaderboard data via mcporter_call("leaderboard_get_markets") and builds the agent-facing "topPicks" alerts (used by the cron agent mandates and open-position workflow), meaning untrusted, user-created market fields (token names, reasons, etc.) are ingested at runtime and can directly drive automated decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading bot that opens, manages, and closes live positions and manipulates wallets/budgets. It requires a Senpi MCP connection and mcporter, instructs funding wallets, and includes concrete execution calls: e.g. "python3 scripts/open-position.py" (atomically opens a position and calls dsl-cli.py add-dsl), "close_position" MCP call, and DSL actions that perform native Hyperliquid stop-loss via edit_position. It references interacting with clearinghouse/fill data, per-strategy wallets, leverage, and commands to top up strategy wallets. These are specific, purpose-built financial execution tools (market/position open/close, wallet management, stop-loss order edits), not generic APIs—so it grants direct financial execution authority.