aicoin-freqtrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests live data from the public AiCoin Open API (see SKILL.md and code in lib/aicoin_data.py / lib/aicoin-api.mjs and scripts/ft-deploy.mjs) and the strategy files (e.g., strategies/*.py) read and act on untrusted third‑party responses such as funding_rate, big_orders, ls_ratio and ai_analysis to make trading decisions, so external content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The deploy script runs at runtime and fetches & executes remote code — it clones https://github.com/freqtrade/freqtrade.git and runs its setup.sh, and on macOS may run curl -LsSf https://astral.sh/uv/install.sh | sh, which are runtime downloads that execute external code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for live cryptocurrency trading and bot deployment. It includes commands to deploy and run trading bots (ft-deploy.mjs deploy, ft.mjs start/stop/status, ft.mjs force_enter/force_exit), references an exchange trading integration (aicoin-trading) and requires exchange API keys (BINANCE_API_KEY / SECRET). The skill’s primary purpose is creating, backtesting, and deploying strategies that execute market orders in live/dry-run mode, so it provides direct financial execution capability.