rwa-alpha

Warn

Audited by Snyk on May 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's perception layer explicitly polls public NewsNow RSS sources (wallstreetcn, cls, jin10) and the Polymarket API for headlines and probabilities, which the agent classifies (SKILL.md, SKILL_SUMMARY.md, rwa_alpha.py) and uses to produce macro-event signals that directly drive trading actions via the onchainos CLI. This exposes the skill to untrusted third-party, user-generated web content that can influence tool use and decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading engine designed to execute on-chain financial transactions. It contains concrete CLI commands and functions for quoting and performing swaps (onchainos swap quote / onchainos swap swap), wallet actions and transaction signing/broadcasting (onchainos wallet contract-call, wallet status, wallet addresses, wallet history), and describes Agentic Wallet TEE signing and autonomous "live" mode where trades are executed without per-transaction confirmation. It also exposes configuration for TOTAL_BUDGET_USD, BUY_AMOUNT_USD, enabled chains, and live/paper modes. These are specific crypto/blockchain trading and wallet signing capabilities (swaps, signing, broadcasting) — i.e., direct financial execution.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 9, 2026, 11:18 AM
Issues
2