bald-eagle-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The scanner (scripts/eagle-scanner.py) calls mcporter_call("leaderboard_get_markets") and mcporter_call("market_get_asset_data") to ingest social/market (SM) leaderboard and orderbook/candle data (user-generated/public market signals) and then directly uses those signals to score, build DSL state, and call create_position, so untrusted third-party content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The skill is explicitly a trading strategy with built-in execution: it targets trading on Hyperliquid, requires setting a wallet in runtime.yaml, the scanner "calls create_position internally", references execution mode (ensureExecutionAsTaker = false / Maker-only execution), a position tracker and RatchetStop runtime plugin, leverage/margin rules, max positions/entries and other order-related gates. Those are specific market-order/position-creation capabilities (directly moving capital), not generic tooling.