shredstream

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly subscribes to and ingests pre-execution, user-generated Solana transactions from open third‑party endpoints (e.g., Jito Block Engine URL https://mainnet.block-engine.jito.wtf and Shyft RabbitStream endpoints like rabbitstream.ny.shyft.to) as shown in SKILL.md and the runtime scripts (scripts/parse_shredstream_entries.py and scripts/rabbitstream_monitor.py), and it parses those transactions/instructions to drive trading signals and downstream actions, so untrusted third‑party content can materially influence agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt instructs running privileged operations (e.g., "sudo tcpdump"), requires firewall/network configuration (opening UDP port 20000, host-networked Docker) and other system-level deployment steps that request elevated privileges and modify machine/network state, even though it doesn't explicitly create users or edit system files.