scorpion-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The scanner (scripts/scorpion-scanner.py) calls cfg.mcporter_call("leaderboard_get_markets", ...) which ingests marketplace/leaderboard data (trader counts, SM direction, pct metrics) from external market APIs/third‑party sources and directly uses those untrusted, user-derived fields to decide and execute create_position calls, so external content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly defines trading actions and an integration to execute them. It names markets/assets, trading rules (leverage, margin, max positions, timeouts), entry criteria and score-based selection, and—critically—requires the runtime cron to call create_position via the Senpi MCP. The runtime also includes a WALLET_ADDRESS placeholder and DSL parameters (e.g., leverageType, ensureExecutionAsTaker, FEE_OPTIMIZED_LIMIT). These are concrete, purpose-built mechanisms to place market orders and manage positions (i.e., move funds/expose capital), not generic tooling. Under the decision logic, this is a tool to "send transaction" / "create_position" (explicit market-order execution), so it grants direct financial execution authority.