condor-strategy

Warn

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The producer explicitly fetches external market and "smart-money" leaderboard data via cfg.mcp_call("market_list_instruments") and cfg.mcp_call("leaderboard_get_markets") (MCP endpoint /mcp) in scripts/condor-producer.py, and the runtime LLM decision gate (runtime.yaml decision_prompt using {{signal_condor_signals}}) consumes that signal payload to decide OPEN_POSITION actions, so untrusted/user-generated third-party content can materially influence agent decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy that issues orders and manages positions. It describes a producer emitting signals to a runtime endpoint (/signals) where an LLM-gated action ("condor_entry") "opens via FEE_OPTIMIZED_LIMIT" and carries marginUsd + leverage. It references functions/tools by name that create and manage trades: create_position, close_position, edit_position, cancel_order, strategy_close, ratchet_stop_* and an explicit DSL ratchet engine for exits. It also uses trading-specific concepts (leverage, marginUsd, order types, per-asset trading limits, position sizing), and computes and passes order execution parameters. These are specific, purpose-built financial execution capabilities (market/limit order placement and position management), not generic automation or API callers.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 08:27 PM
Issues
2
Security Audit — snyk — condor-strategy