cobra-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The scanner and SKILL.md explicitly instruct the agent to call senpi:leaderboard_get_markets and senpi:market_get_asset_data (see scripts/cobra-scanner.py and SKILL.md) to ingest leaderboard/market data (user-generated trader positions), which the agent directly reads and uses to make entry/ordering decisions, exposing it to untrusted third-party content that can materially change behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy designed to open and manage live leveraged positions. It defines exact execution behavior (enter with $400 margin, 10x/5x leverage, MAX 1 position, MAX 3 entries/day), explicit order types and fallback (FEE_OPTIMIZED_LIMIT maker ALO, cancel and resubmit as market order after 30s, ensureExecutionAsTaker), and runtime/runtime.yaml modifications including a WALLET_ADDRESS placeholder and commands to create a runtime. The bootstrap explicitly requires a cron to call create_position via Senpi MCP so scanner signals result in executed trades. These are concrete, specific market-order and position-creation actions (not generic browser/API tooling), so the skill grants direct financial execution authority.