autonomous-trading
Warn
Audited by Snyk on Apr 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests external market and smart-money data (e.g., refreshes max-leverage.json via the Hyperliquid API meta endpoint, uses leaderboard_get_markets smart-money/trader-count signals and scanner snapshots) and mandates the agent read and act on those public/user-generated feeds in its scan -> evaluate -> trade -> protect loop, so untrusted third-party content can directly influence actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading automation tool (Autonomous Trading v6) built to create strategy wallets, open and close positions, and manage live trades on Hyperliquid. It defines concrete API-style calls and actions such as strategy_create_strategy(budgetUsd, leverageType, riskLabel) which returns a walletAddress and strategyId, instructions to "Fund the wallet," and code examples like close_position(wallet, asset). The flow includes opening positions, enforcing leverage and position-size rules, auto-closing on DSL breaches, and cron-driven trade execution. These are specific, purpose-built financial execution operations (market orders / position management), not generic tooling. Therefore it grants direct financial execution authority.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata