simmer-skill-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow and templates explicitly instruct the agent to fetch and parse public third‑party data (e.g., "Get External API Docs (If Needed)" and examples like the NOAA weather trader and direct Polymarket CLOB endpoints in references/weather-trader and references/simmer-api), and to accept pasted tweets/threads or external API docs — all untrusted public content that the agent is expected to read and use to determine strategy logic and generate code, so it can materially influence tool use and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to build and deploy trading bots that place orders. It requires and uses the Simmer SDK/SimmerClient for trades, includes mandated functions like execute_trade(), get_client(), position sizing, and CLI flags (including --live) to perform real trades. It references Polymarket/CLOB endpoints for orderbook and pricing, requires a SIMMER_API_KEY env var, and specifies publishing runnable scripts that execute trades. These are specific financial/trading APIs and order-execution functions, not generic tooling, so it grants direct financial execution capability.