openfin-troubleshooting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs the agent to fetch and interpret responses from public third-party endpoints (e.g., curl https://clob.polymarket.com/version and the Hyperliquid websocket wss://api.hyperliquid.xyz/ws) and to change behavior (which token/spender to use, retry logic, reconnection behavior) based on those responses, which exposes the agent to untrusted third-party content that can influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about trading and on-chain actions: it documents and instructs use of specific endpoints that approve tokens, place market orders (POST /agent/polymarket/order/market), execute signed transactions (POST /agent/relay/execute), withdraw funds (POST /agent/trading/withdraw), adjust account abstractions (POST /agent/trading/abstraction or set_user_abstraction), and reads/writes wallet/trading state (GET /agent/wallets, GET /agent/trading/account). These are concrete crypto/market APIs and transaction-signing/withdrawal operations — not generic tooling — so it grants direct financial execution capability.