alpaca-mcp-server-trading

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md's "Available toolsets" explicitly includes a "news — News articles for stocks and crypto" toolset (and describes news/articles access) which means the MCP server can fetch public third-party news/articles that the agent may read and use to drive trading actions, allowing untrusted content to materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes Alpaca's Trading API as MCP tools and documents order-management and trading capabilities (market, limit, stop, trailing-stop orders), crypto trading, options trading, account and portfolio management, and instructions to switch from paper to live trading using live API keys. It includes examples and SDK code that submit market orders and manage positions. Because its primary and explicit purpose is placing market/limit/option/crypto orders (i.e., moving real money when live trading is enabled), it grants Direct Financial Execution authority.