crypto-advisor

Warn

Audited by Snyk on Jun 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The required workflow for this skill routes many user questions through runtime-loaded sub-skills (e.g., analyst-crypto, fomc-monitor, prediction-market-odds, crypto-token-screener) that commonly fetch or ingest external/public data and free-form text (web content, market commentary, scraped pages) into the agent’s LLM context, creating an indirect prompt-injection surface from outsider-authored prose.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly lists an execution wiring: "Execution: coinbase-cdp-connector" and references backtest and execution gates. A named Coinbase connector is a specific crypto execution integration (exchange/wallet connector) — i.e., a tool whose purpose is to send/execute crypto trades. Even though the doc emphasizes "notification-first" and that the human places orders, the presence of a specific Coinbase execution connector constitutes direct financial execution capability (crypto/blockchain execution).

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 08:02 AM
Issues
2
Security Audit — snyk — crypto-advisor