liquidity-paired-basis-maker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches live market and history data from public third-party endpoints (see SKILL.md's "The skill discovers and fetches live Polymarket pairs automatically via backtest.gamma_markets_url" and the code paths _fetch_live_backtest_pairs/_fetch_live_trade_pairs calling bt.gamma_markets_url and clob.polymarket.com via _http_get_json), and that untrusted, user-generated market/question/history content is parsed and directly influences backtest gating and trade decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly designed to execute live trades. It requires live execution flags and private keys (POLY_PRIVATE_KEY / WALLET_PRIVATE_KEY, POLY_API_KEY / POLY_PASSPHRASE / POLY_SECRET), declares py-clob-client / DirectClobTrader as the canonical live execution path for signing/submitting orders, and contains concrete execution behaviors (emit_pair_trades, marketable min-tick sells, unwind/all exit commands, cancellation and submission of orders). It also references funding flows (Stripe deposits and POST /wallet/deposit) and API endpoints tied to account funding. These are specific, explicit financial execution capabilities (placing market orders, signing/submitting on a CLOB, and wallet/payment interactions), not generic tooling.