@1826/funding-rate-arb

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md Step 1 and Tools Required explicitly instruct the agent to pull live funding rates from public third‑party APIs (funding_rate(...) for Hyperliquid/Binance/Bybit/OKX and cg_coins_market_data() from Coinglass), and that live, external market data is read and directly used to drive trading recommendations and potential execution, so untrusted third‑party content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for trading and includes concrete execution tools and instructions. It requires and documents hl_order() — "execute Hyperliquid leg (on user YES only)" — and hl_account() to check wallet balance for sizing. The spec instructs market orders, entry/exit triggers, and an explicit "Say 'YES open #...'" to execute the arb. These are specific financial execution capabilities (placing market orders / managing positions), not generic tooling. Therefore it provides Direct Financial Execution Authority.