robonet-workbench

Warn

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly includes tools that fetch public, user-generated market content (e.g., get_all_prediction_events and get_prediction_market_data for Polymarket, get_all_symbols for Hyperliquid, and generate_ideas, which uses current market data). It instructs the agent to read and act on that data as part of strategy generation, backtesting, and deployment, so untrusted third-party content can materially influence tool use and decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for crypto and prediction-market trading and includes tools that perform live execution. It provides deployment tools (deployment_create, deployment_start/stop, deployment_list) to launch live trading agents that trade via EOA (externally owned wallet) or a Hyperliquid Vault, and the strategy framework includes execution methods (go_long/go_short, on_open_position) that perform order entries/position management. It also exposes account/credit management (get_credit_balance, get_credit_transactions) and integrates with Hyperliquid and Polymarket. These are specific, purpose-built capabilities for placing trades and controlling wallets, not generic tooling, so the skill grants direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 18, 2026, 01:03 AM
Issues: 2