blave-quant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and examples explicitly instruct the agent to fetch and interpret live data from public third-party sources (e.g., Blave API endpoints like GET /alpha_table and /kline at https://api.blave.org, TradingView SSE, Hyperliquid endpoints, TWSE/TPEX open APIs, and public web pages used in examples such as the Farside ETF page and a Truth Social monitor), and that external, untrusted content is used in screening/backtests and to drive trading decisions—so it clearly ingests untrusted third‑party content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The README includes an install/update command that the agent is explicitly told it may run at runtime — "npx -y skills add https://github.com/Blave-TW/blave-quant-skill" — which will fetch and execute remote code from that GitHub URL, so this external URL can deliver code that runs and controls the agent.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes trading and fund-movement APIs across multiple exchanges (BitMart, OKX, Bybit, BingX, Bitget, Binance, Bitfinex, KuCoin) with concrete write actions: place/modify/cancel orders (limit/market/algo/OCO/TP-SL/trailing), open/close positions, adjust leverage/margin, submit/cancel funding offers/loans/credits (Bitfinex), wallet and sub-account transfers, and account management. Those are direct market-order and money-transfer operations (i.e., “send transaction” functionality). The presence of a mandatory "CONFIRM" flow is a safety constraint but does not remove the skill’s explicit ability to execute financial transactions. Therefore this skill provides Direct Financial Execution capability.