meerkat-strategy
Warn
Audited by Snyk on Jun 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). Outsider free text can enter the LLM context via the
meerkat_entryaction’sdecision_mode: llmwhere the runtime passes{{signal_meerkat_signals}}(derived from producer-emittedreasons/fields) intodecision_prompt; those fields originate from MCP tool outputs (leaderboard_get_momentum_events,leaderboard_get_markets,market_get_asset_data) which are not authored by the operating user.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy whose purpose is to "snip[e] the freshest, highest-tier momentum events" and "enter[] in the move's direction." It defines trading-specific behavior: entry gates, score-based trade firing, "taker-true entry" (market/taker execution), DSL order/exit presets (ladder T0→T4 percentages), max_loss_pct, and a 36h hard_timeout. Although it lists data-feed calls (leaderboard_get_momentum_events, market_get_asset_data), the DSL and language make clear it performs market entries (buy/sell execution) rather than being a generic data tool. This is a direct market-order trading capability (explicitly designed to move money), so it matches the "Market Orders (Buying/Selling assets)" criterion for Direct Financial Execution.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata