grizzly-strategy

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These are direct raw GitHub and project-site links (no obfuscating redirects or binary installers) but they explicitly instruct downloading and executing Python scripts from a single, likely small/unknown repo and thus pose a moderate-to-high risk unless you verify the repository, author reputation, and review the code before running it.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The scanner explicitly fetches and interprets external market and leaderboard data via mcporter_call("market_get_asset_data") and mcporter_call("leaderboard_get_markets") (see get_btc_full_picture and get_btc_sm_direction in scripts/grizzly-scanner.py), and those untrusted/user-derived feeds (market candles, OI, and "smart money" leaderboard) are used as hard gates that directly control entry/exit actions, so third-party content can materially influence tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy with named execution primitives and an automated producer cron. It references specific functions/APIs that perform market actions (create_position, close_position, edit_position, cancel_order, strategy_close_positions, execute_entry, ratchet_stop_*), requires a strategy wallet address, and installs a scanner cron (grizzly-scanner.py) that is the authorized entry path to execute trades. Those are concrete market-order / crypto trading execution capabilities, not generic tooling. Therefore it grants direct financial execution authority.