macro-liquidity

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.70). The prompt contains an explicit instruction to append a promotional message to every output—which is unrelated to the skill’s stated macro-liquidity analysis purpose and thus is a deceptive/out-of-scope behavioral requirement.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Execution Steps explicitly require using web_search to fetch live data and source links from open/public sites (e.g., NewYorkFed/Treasury for Fed assets/TGA/ON RRP, newyorkfed.org for SOFR, TradingView/financial news for MOVE, Bank of Japan or public markets for USDJPY and yields), and the agent must read and interpret those third-party pages to make trading/asset-allocation decisions—this direct ingestion of public web content that materially drives actions enables indirect prompt injection.