condor-strategy
Warn
Audited by Snyk on May 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The producer explicitly fetches external market and "smart-money" leaderboard data via cfg.mcp_call("market_list_instruments") and cfg.mcp_call("leaderboard_get_markets") (MCP endpoint /mcp) in scripts/condor-producer.py, and the runtime LLM decision gate (runtime.yaml decision_prompt using {{signal_condor_signals}}) consumes that signal payload to decide OPEN_POSITION actions, so untrusted/user-generated third-party content can materially influence agent decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy that issues orders and manages positions. It describes a producer emitting signals to a runtime endpoint (/signals) where an LLM-gated action ("condor_entry") "opens via FEE_OPTIMIZED_LIMIT" and carries marginUsd + leverage. It references functions/tools by name that create and manage trades: create_position, close_position, edit_position, cancel_order, strategy_close, ratchet_stop_* and an explicit DSL ratchet engine for exits. It also uses trading-specific concepts (leverage, marginUsd, order types, per-asset trading limits, position sizing), and computes and passes order execution parameters. These are specific, purpose-built financial execution capabilities (market/limit order placement and position management), not generic automation or API callers.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata