opentrade-wallet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill directly calls external ai.6551.io endpoints (e.g., /open/trader/{router}/{version}/balance/all-balances, /balance/history and related token/market endpoints) to fetch public wallet balances, token metadata and transaction history, and those responses are explicitly read and used in the workflows (e.g., Pre‑Swap Balance Check) to decide follow-up actions like executing swaps, so untrusted third‑party content can influence agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto wallet/portfolio API: it exposes specific endpoints for wallet balances, total portfolio value, token balances and transaction history across many blockchains (includes chainIndex mapping, minimal units/decimals, and USD value). It is clearly designed for cryptocurrency wallet operations (a financial domain) and is part of an ecosystem that includes swap execution and transaction broadcasting. Even though this particular skill appears read-only (balance/portfolio queries), it is a dedicated crypto wallet capability (not a generic tool) and directly relates to financial assets, so it meets the "crypto/wallets" criterion for Direct Financial Execution risk.