trading-strategy

Fail

Audited by Snyk on Mar 14, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to "ask for headers/credentials" for paid sources and to use them with web_fetch, which requires receiving and embedding secrets in requests/tool calls and therefore creates a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and references/research-patterns.md explicitly instruct the agent to fetch and ingest open web and social content (e.g., web_search, web_fetch, twitter_search_tweets, lunar_topic and user-shared Substack URLs) and to read/interpret those sources as part of analysis and decision-making, which exposes it to untrusted third-party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill instructs the agent at runtime to fetch and ingest arbitrary user-provided articles via web_fetch (e.g., web_fetch(url="[substack/article URL]")), and that fetched content is extracted and injected into the agent's context to drive its responses, which is a runtime external dependency that directly controls prompts.

Issues (3)

HIGH W007: Insecure credential handling detected in skill instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 14, 2026, 10:07 PM
Issues: 3