delphi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill reads and interprets public, user-generated market metadata (via market.metadata / metadataUri fetched from IPFS/HTTP as shown in SKILL.md and reference/markets.md and used in scripts/get-market.ts/list-markets.ts) and queries a public Goldsky subgraph (reference/subgraph.md and scripts/list-recent-trades.ts), and that third-party content is programmatically consumed and used to label outcomes, select indices, and inform quoting/trading decisions—so untrusted external content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill explicitly provides on-chain trading and wallet management capabilities: it can quote and execute buyShares and sellShares transactions (with automatic token approval and slippage protections), approve/manage ERC‑20 allowances, redeem winnings, liquidate positions, bridge/claim tokens (testnet faucet and bridges), and requires signer credentials (private key or Coinbase CDP server wallet). These are specific crypto/blockchain financial operations (signing and sending transactions, moving tokens, executing market trades), not generic tooling. Therefore it grants direct financial execution authority.