pangolin-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs installers to curl runtime.yaml and the producer scripts from raw.githubusercontent.com (public GitHub) and the runtime loads runtime.yaml (which contains the LLM decision_prompt and action config), so publicly-hosted, untrusted files are fetched and directly influence the agent's LLM prompts and execution behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading strategy with runtime-managed order execution. The prompt describes producer->runtime flow where the runtime performs OPEN_POSITION via FEE_OPTIMIZED_LIMIT and manages DSL exits (maker-first with taker fallback). It requires a strategy wallet (PANGOLIN_WALLET / WALLET_ADDRESS), reads clearinghouse/account state, enforces leverage/margin settings, and declares order types and lifecycle (entries, exits, hard timeouts). These are explicit market-order and position-management operations (i.e., sending transactions/orders to trade), not generic tooling. Therefore it grants direct financial execution authority.