@349/lighter-dex

Audited by Snyk on Mar 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill directly fetches and interprets public, third-party Lighter API data (e.g., mainnet.zklighter.elliot.ai and app.lighter.xyz via tools.py, scripts/market_lookup.py, lighter_orderbook(), lighter_trades(), lighter_candles() and the z_reversion_bot) and uses that untrusted market/user-generated data to drive automated trading decisions and order placement, so external content can materially influence the agent's actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading client for Lighter DEX and exposes direct order-placement and account-management APIs. It requires API keys and account indexing, and includes functions to place market/limit orders (lighter_order), conditional orders (lighter_stop_loss, lighter_stop_limit, lighter_take_profit, lighter_take_profit_limit), TWAP execution (lighter_twap_order), set leverage (lighter_leverage), cancel/modify orders (lighter_cancel, lighter_modify_order), and view balances/positions. These are specific, purpose-built financial execution capabilities for buying/selling perpetual futures and managing positions — not generic tooling.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Mar 18, 2026, 03:10 AM
  • Issues: 2
Security Audit — snyk — @349/lighter-dex