beaver-strategy
Warn
Audited by Snyk on Jun 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). At runtime the producer calls outsider-authored public data via MCP tools
market_get_asset_data(candles from external market data sources) andleaderboard_get_markets(Smart-Money leaderboard), then passes the resulting values into the LLM-gatedbeaver_entryaction as{{signal_beaver_signals}}context.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading strategy for BTC and details runtime actions that open and manage market positions. It describes the LLM-gated beaver_entry action that "opens via FEE_OPTIMIZED_LIMIT", references position-management calls (create_position, close_position, edit_position, ratchet_stop_*) and describes order execution parameters (ensure_execution_as_taker). These are direct market-order/position-management capabilities for crypto trading, so it provides direct financial execution authority.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata