moltrade
Warn
Audited by Snyk on Mar 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly configures Nostr relays and copy-trade functionality (see "Broadcast Signals to Nostr" and "Copy-trade Usage"), meaning the agent will ingest user-generated signals from public relays and act on them (mirror/execute trades), which could allow indirect prompt injection via those third-party messages.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs users/agents to clone and run code from the remote GitHub repository (git clone https://github.com/hetu-project/moltrade.git then pip install / python), which fetches remote code that will be executed and is required for the skill to run—so the GitHub URL is a runtime external dependency that executes remote code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading bot with built-in exchange adapters and direct market-execution capabilities. It documents Binance Spot integration (requires API key/secret), provides commands for running live mode that "will place real orders", and exposes a BinanceClient/adapter interface with methods like place_order, cancel_order, cancel_all_orders, get_balance, get_positions, get_ticker_price. It also references a separate binance/spot skill. These are specific financial APIs/tools to send market/brokerage orders—i.e., direct financial execution.