hodlmm-inventory-balancer

Warn

Audited by Snyk on Jun 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill ingests outsider-authored free text from public web APIs at runtime—e.g., it fetches Bitflow pool/bin/user position data from https://bff.bitflowapis.finance/api/app/v1 and .../api/quotes/v1 and then feeds those JSON fields (converted to strings/numbers) into its LLM-relevant planning/execution context (swap/redeploy sizing and direction).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain value-moving operations: it executes corrective swaps via the Bitflow SDK, broadcasts transactions (with detailed post-conditions), and runs redeploy/withdraw/deposit flows via the hodlmm-move-liquidity / DLMM router CLI. The "run" command (with --confirm=BALANCE) performs swaps and redeploys, there is a 3-leg withdraw→swap→redeposit flow, wallet funds are required and the skill reads the wallet password and enforces gas/balance preconditions. These are direct crypto transaction/asset management actions (sending tokens, signing/broadcasting on-chain txs), so the skill provides direct financial execution authority.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 07:01 PM
Issues
2
Security Audit — snyk — hodlmm-inventory-balancer