saas-short-trader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and dry_run_prompt.txt require the agent to call external MCP publishers (notably "sec-filings-intelligence", "google-trends", and "perplexity" / "exa") via mcp__call_publisher and ingest that returned public/search/third‑party content to compute scores and make trade/order decisions, so untrusted web-sourced content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute real trades. It integrates with the Alpaca broker ("alpaca" publisher, checks /v2/account), includes a "live" execution mode and command-line/webhook options that require an allow-live opt-in, and contains scripts and workflow for submitting, persisting, and cancelling live orders (strategy_engine.py with --allow-live, SerenDB order persistence, emergency stop that cancels tracked live orders). It also describes scheduled live runs via seren-cron and API calls to create/manage cron jobs that can trigger live execution. These are specific market-order/broker integrations (not generic HTTP or browser automation), so this skill grants direct financial execution capability.