meerkat-strategy

Warn

Audited by Snyk on Jun 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). Outsider free text can enter the LLM context via the meerkat_entry action’s decision_mode: llm where the runtime passes {{signal_meerkat_signals}} (derived from producer-emitted reasons/fields) into decision_prompt; those fields originate from MCP tool outputs (leaderboard_get_momentum_events, leaderboard_get_markets, market_get_asset_data) which are not authored by the operating user.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy whose purpose is to "snip[e] the freshest, highest-tier momentum events" and "enter[] in the move's direction." It defines trading-specific behavior: entry gates, score-based trade firing, "taker-true entry" (market/taker execution), DSL order/exit presets (ladder T0→T4 percentages), max_loss_pct, and a 36h hard_timeout. Although it lists data-feed calls (leaderboard_get_momentum_events, market_get_asset_data), the DSL and language make clear it performs market entries (buy/sell execution) rather than being a generic data tool. This is a direct market-order trading capability (explicitly designed to move money), so it matches the "Market Orders (Buying/Selling assets)" criterion for Direct Financial Execution.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 28, 2026, 08:48 PM
Issues
2
Security Audit — snyk — meerkat-strategy