@1826/funding-rate-arb

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 1 explicitly requires fetching live funding rates from public third-party sources (Coinglass premium API and multiple exchange APIs such as Hyperliquid, Binance Futures, Bybit, OKX, etc.), and those untrusted external data are read and used to compute rankings, size recommendations, and trade decisions, so they can materially influence the agent's actions.