orderly

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill routinely fetches live market and account data from open third-party endpoints (e.g., api.orderly.org via OrderlyClient._public_get and private endpoints like /v1/public/futures, /v1/orderbook, /v1/kline and external RPC via deposit._eth_call), and the agent is expected to read and act on that data as part of trading workflows, so untrusted third‑party responses can materially influence its actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading integration for a crypto/orderbook DEX and includes authenticated, state-changing financial operations. It provides direct trading tools (order creation: orderly_order for LIMIT/MARKET/IOC/FOK/POST_ONLY; orderly_modify; orderly_cancel; orderly_cancel_all), position and leverage management (orderly_leverage, orderly_positions, reduce_only flag), and account/withdrawal-related operations (wallet policy, USDC deposits, vault interactions, withdrawal signing). Orders are signed with Ed25519 keys provisioned via the agent's EVM wallet (Privy), i.e., the skill has explicit blockchain wallet signing and transaction execution capability. This is not a generic API or browser automation; its primary purpose is to move/execute funds and trades on-chain/off-chain. Therefore it grants Direct Financial Execution authority.