hodlmm-arb-executor

Warn

Audited by Snyk on Apr 22, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill fetches live data from public third-party APIs (Pyth Hermes, Hiro API, and the Bitflow Quotes API) and directly uses those untrusted external feeds in its doctor/simulate/execute/watch workflows to decide and emit MCP commands, so that remote content can materially influence tool use and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading/execution tool. It is write-capable and emits on-chain MCP commands to perform swaps and liquidity operations (e.g., bitflow_swap, bitflow_hodlmm_add_liquidity, bitflow_hodlmm_withdraw_liquidity). The prompt includes concrete transaction examples (on-chain txid, wallet debited/credited), a required confirmation for live execution, postConditions enforcing FT debits/credits, and a hard spend cap (MAX_AUTONOMOUS_SATS). These are specific, purpose-built functions to move crypto funds and execute market actions rather than generic tooling, so the skill grants Direct Financial Execution authority.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 22, 2026, 03:03 PM
Issues: 2