hodlmm-move-liquidity

Fail

Audited by Snyk on Apr 30, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt's usage examples and command syntax explicitly show passing a password via the --password CLI flag (and instruct adding --confirm --password to execute), which requires the agent to accept and embed secret values verbatim in generated commands. This is an insecure pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches pool, bin, and user-position data from public third-party APIs (e.g., https://bff.bitflowapis.finance/... and https://api.mainnet.hiro.so used in fetchPools/fetchPoolBins/fetchUserPositions/fetchStxBalance) and directly uses that untrusted data to build move plans and decide/execute on-chain rebalances (see run/auto workflows), so external content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain financial operations: it calls the Bitflow DLMM liquidity router's move-relative-liquidity-multi function to withdraw and re-deposit liquidity in a single atomic transaction, mints/burns DLP tokens, and broadcasts transactions (producing txids). It requires wallet credentials/password and depends on @stacks/transactions and @stacks/wallet-sdk. The run --confirm command executes the transaction, and the auto command autonomously executes moves on mainnet. These are direct crypto/blockchain wallet and transaction actions (signing/sending), not generic I/O; the skill therefore holds direct financial execution authority.


Audit Metadata

Risk Level: HIGH
Analyzed: Apr 30, 2026, 02:24 AM
Issues: 3