simmer-skill-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow (Step 1 and Step 3) and the provided examples (e.g., references/example-weather-trader.md and the Polymarket CLOB endpoints) explicitly instruct the agent to fetch and parse public third‑party content (tweets, NOAA, Polymarket/CLOB, Synth, Binance, RSS, or fetched API docs) and to use those signals to drive trading decisions, so untrusted web content can directly influence tool use and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly and specifically designed to create trading bots that place real market orders via the Simmer SDK. It requires the simmer-sdk, enforces use of SimmerClient for trades, describes execute_trade(), position sizing, wallet signing, and a --live flag for real trades. It targets Polymarket/Simmer markets and includes rules about order minimums and tagging trades. This is direct market-order execution (sending transactions), not a generic tool, so it grants Direct Financial Execution Authority.