base-trader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and act on open/public sources—e.g., check Basescan, "What tokens are trending on Base?", "What's the sentiment on TOKEN?", and quick social checks (Twitter/Telegram) in references/launch-sniping.md and references/market-research-bankr.md—so it ingests untrusted user-generated web/social content that can materially influence trading decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly an autonomous crypto trader wired to the Bankr API for the Base chain. It requires a configured Bankr wallet and ETH for gas, includes concrete commands and scripts that perform buys, sells, set stop-losses, DCA, and other trade executions (e.g., ~/clawd/skills/bankr/scripts/bankr.sh "Buy $25 of TOKEN on Base", "Sell 25% of my TOKEN on Base", "Set stop loss for TOKEN at -15%"). These are specific payment/crypto transaction capabilities (wallet usage, signing/executing trades) whose primary purpose is moving funds/crypto. Therefore it grants Direct Financial Execution Authority.