cheetah-strategy
Warn
Audited by Snyk on Apr 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md runtime setup explicitly instructs using curl to download and execute scripts and config from raw.githubusercontent.com (https://raw.githubusercontent.com/Senpi-ai/senpi-skills/...), i.e., arbitrary public GitHub-hosted content that the agent will ingest and run and thus can materially alter its actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The runtime setup explicitly downloads and then runs remote Python code from raw.githubusercontent.com (e.g. https://raw.githubusercontent.com/Senpi-ai/senpi-skills/main/cheetah/scripts/cheetah-scanner.py and https://raw.githubusercontent.com/Senpi-ai/senpi-skills/main/cheetah/scripts/cheetah_config.py), so required external content is fetched at install/run time and executed, meeting the criteria for a high-risk external dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy that programmatically submits market positions/orders. It requires a wallet address in runtime.yaml, is "Self-executing — scanner calls create_position via mcporter directly," and contains functions and checks around order creation (create_position, data.orders[0].success, get_safe_leverage, strategy_get_asset_trading_limits). This is not a generic tool: its primary and explicit purpose is to send trade transactions (open positions) with leverage on markets. That meets the "Market Orders / sending transactions" criterion for Direct Financial Execution.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata