stacks-alpha-engine

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and interprets live data from multiple public third‑party APIs (e.g., HIRO_API/hiro.so contract reads, TENERO_API price oracle, BITFLOW_API HODLMM pools, and mempool.space) as required parts of its Scout/Reserve/Guardian pipeline, and those external responses materially influence safety gates and the agent's decision to generate or execute transaction instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly and primarily a DeFi transaction executor. It defines read+write paths for multiple blockchain protocols (Zest, Hermetica, Granite, HODLMM) and concrete on-chain methods (e.g., zest_supply, staking-v1-1.stake, liquidity-provider-v1.deposit, add-liquidity-simple, withdraw-liquidity-simple) and provides commands labeled as writes: deploy, withdraw, rebalance, migrate, emergency. The engine produces executable transaction instructions, txids, and has a full safety/execute pipeline for emitting on-chain transactions (even if it “does not hold keys or sign directly”). This is a specific tool to move crypto assets across protocols (crypto/blockchain execution), so it meets the Direct Financial Execution criteria.