wolverine-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The scanner explicitly ingests public market and leaderboard data via mcporter_call calls (e.g., leaderboard_get_markets and market_get_asset_data) in scripts/wolverine-scanner.py and the SKILL.md/README, and that untrusted, user-generated leaderboard/market content (from Hyperliquid/public MCP endpoints) is parsed and used to gate entries, scoring, and hard-blocks—so external content can materially alter decision and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a self-executing trading strategy: it requires a strategy wallet, runtime config with a wallet address, and is described as "Self-executing via create_position" that "fires a HYPE entry at conviction-scaled leverage (7x or 10x) with FEE_OPTIMIZED_LIMIT order type." It also includes order management (auto-cancel stale maker orders), position syncing via sync_closed_positions(wallet, state), and persistent logs of ENTRY/EXIT events. These are specific, purpose-built financial execution primitives (placing leveraged market/limit orders, managing positions) rather than generic tooling. Therefore it grants direct financial execution authority.