@349/starchild-strategies

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow includes running scripts that fetch and interpret public market data (e.g., scripts/market_scan.py calls https://api.coingecko.com and scripts/backtest.py explicitly fetches OHLCV from public APIs), and those external feeds are used to recommend, validate, and drive strategy selection/execution—so untrusted public third‑party content can materially influence the agent's actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a library of algorithmic trading strategies for perpetual futures and includes a workflow step to "Execute through platform's strategy engine", ready-to-deploy configs, deployment/monitoring, and references to pre-trade liquidity checks and fill verification. These elements indicate the skill is specifically designed to place market/strategy orders (i.e., execute trades), not a generic tool. This fits the "Market Orders / trading execution" category of direct financial execution.