electrobun

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime explicitly loads and ingests third‑party broker web pages and APIs (e.g., in architecture.md, BrowserView navigationRules allowing https://api.broker.com/*, and numerous Bun fetch/WebSocket broker handlers in broker-integration.md) and programmatically parses navigation events, HTTP responses and market data which directly influence order/strategy actions, so untrusted external content can materially affect behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for trading and broker integration and includes concrete APIs and code paths to execute financial transactions. It defines broker implementations (e.g., zerodha.ts), a broker plugin system, an OrderManager, and RPC methods that perform order actions: placeOrder, modifyOrder, cancelOrder, getOrders/getOrderHistory, position/holdings/margins, and emergency stop that calls orderManager.cancelAll. The main process RPC handlers directly call broker.authenticate and orderManager.place/cancel, indicating the primary purpose is to send trading orders to brokers (i.e., move money/execute market orders). This matches "Direct Financial Execution" (payment/market order/broker API) rather than a generic tool.