hodlmm-inventory-balancer
Warn
Audited by Snyk on Jun 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill ingests outsider-authored free text from public web APIs at runtime—e.g., it fetches Bitflow pool/bin/user position data from
https://bff.bitflowapis.finance/api/app/v1and.../api/quotes/v1and then feeds those JSON fields (converted to strings/numbers) into its LLM-relevant planning/execution context (swap/redeploy sizing and direction).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain value-moving operations: it executes corrective swaps via the Bitflow SDK, broadcasts transactions (with detailed post-conditions), and runs redeploy/withdraw/deposit flows via the hodlmm-move-liquidity / DLMM router CLI. The "run" command (with --confirm=BALANCE) performs swaps and redeploys, there is a 3-leg withdraw→swap→redeposit flow, wallet funds are required and the skill reads the wallet password and enforces gas/balance preconditions. These are direct crypto transaction/asset management actions (sending tokens, signing/broadcasting on-chain txs), so the skill provides direct financial execution authority.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata