boar-strategy

Warn

Audited by Snyk on Jun 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). At runtime the producer daemon fetches live market/instrument data via cfg.mcp_call(...) (e.g., market_list_instruments and market_get_asset_data in get_universe_meta() / fetch_candles()), and those responses are then used to construct the signal_boar_* payload that is injected into the runtime LLM context via runtime-*.yaml actions.*.contextdecision_prompt ({{signal_boar_long_signals}} / {{signal_boar_short_signals}}); this is outsider-authored free text from an external MCP/vendor source.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).


MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly references trading wallets (BOAR_LONG_WALLET, BOAR_SHORT_WALLET) and concrete order/position management functions such as create_position, close_position, edit_position, ratchet_stop_, cancel_order, and strategy_close. It also discusses order types (FEE_OPTIMIZED_LIMIT with taker fallback) and runtime daemons that emit entries/exits. Those are specific market-execution APIs/tools (placing, editing, cancelling orders and managing positions tied to wallets), so this grants direct financial execution capability even though a "read-only" rule for conversational sessions is stated.

Issues (3)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 28, 2026, 08:48 PM
Issues
3
Security Audit — snyk — boar-strategy