sass-short-trader-delta-neutral

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches data from external MCP publishers (e.g., "alpaca", "sec-filings-intelligence", "google-trends", "perplexity"/"exa") as required by the MCP-native workflow and dry_run_prompt.txt, and the agent is expected to read and act on that untrusted public content to score names and drive order/hedge decisions (scripts/seren_client.py call_publisher and the dry_run_prompt.md/runbook steps show this), so third-party content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly built to execute market trades. It integrates with Alpaca (broker) via an "alpaca" publisher and checks /v2/account, has a "live" execution mode described as "real broker execution path," includes scripts/commands to run live (strategy_engine.py --mode live --allow-live), mentions submitting orders and persisting order events/positions to SerenDB, and includes cron scheduling and controls that create/trigger live runs. It also contains pre-trade and dependency checks that gate order submission and emergency/stop-trading actions that cancel live orders. These are specific, explicit market-order/broker integration capabilities (not generic browser or HTTP tooling), so it grants direct financial execution authority.