aicoin-trading

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill clearly fetches and ingests data from public third‑party APIs (lib/aicoin-api.mjs calls https://open.aicoin.com and scripts/exchange.mjs uses ccxt to query exchange APIs such as Binance/OKX) and the agent is required to read and act on that data to build orders and decide trades, so external (untrusted/public) content can materially influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The script scripts/exchange.mjs will auto-install ccxt at runtime via execSync('npm install --omit=dev'), which fetches and installs code from the npm registry (e.g. https://registry.npmjs.org/ccxt) causing remote code to be downloaded and executed as a required dependency for exchange operations.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading/order-execution tool for crypto exchanges. It defines commands that directly place market orders (node scripts/exchange.mjs create_order with confirmed=true), close positions (close_position), cancel orders, set leverage/trading params, and targets specific exchanges (OKX, Binance, Bybit, etc.). This is a purpose-built financial execution interface (crypto trading), not a generic tool, so it clearly grants direct financial execution capability. The two-step preview/confirm requirement does not change that it sends real trades when confirmed.