jaguar-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The scanner (scripts/jaguar-scanner.py) calls cfg.mcporter_call("leaderboard_get_markets", ...) to fetch external leaderboard/market data and then parses those fields to decide and invoke create_position (mcporter_call "create_position"), meaning untrusted/public market data is ingested at runtime and can directly change tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy that interfaces with on-chain positions and a runtime that manages position creation and exits. It references create_position, a position_tracker that "auto-detects position opens/closes on-chain", setting a "strategy wallet address" in runtime.yaml, and CLI commands (openclaw senpi runtime create, openclaw senpi dsl positions / inspect) used to install and manage the trading runtime. These are concrete blockchain/crypto trading controls (wallet address, on-chain positions, position creation/exit) — not generic automation — and therefore constitute direct financial execution capability.