copy-trading

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses public, untrusted third-party data (e.g., SolanaTracker PnL via https://data.solanatracker.io/pnl/{wallet} in scripts/evaluate_wallet.py, DexScreener token info via scripts/monitor_wallet.py, and Helius/RPC transaction feeds described in references/execution_strategy.md and SKILL.md), and that externally-sourced content is read and used to make copy‑trade decisions and trigger executions—so it can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for on-chain crypto trading: it monitors Solana wallets and "execute[s] proportionally-sized trades" via a DEX aggregator (mentions Jupiter/jupiter-swap and helius-api). It defines an execution pipeline (detect, parse, size, execute) and references APIs for trade execution — i.e., direct crypto transaction/swap capabilities. This is a specific financial execution capability (blockchain trading), not a generic tool, so it meets the Direct Financial Execution criteria.