aicoin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches public third‑party content from the AiCoin Open API (e.g., news via scripts/news.mjs, Twitter/X via scripts/twitter.mjs, market/hl-market endpoints) and SKILL.md's Automated Trading Guide and cron instructions require the agent to read and analyze that untrusted/user-generated data to decide and execute trades (auto-trade.mjs), so external content can directly influence tool use and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Flagged: ft-deploy.mjs uses git clone https://github.com/freqtrade/freqtrade.git at runtime and immediately runs the repo's ./setup.sh -i, which fetches/contains remote code that is executed as part of the deployment (thus external content controls code execution).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for crypto financial operations. It includes direct trading and execution APIs and scripts: e.g., scripts/exchange.mjs exposes create_order, cancel_order, set_leverage, transfer; auto-trade.mjs can open positions (checks balance, sets leverage, places market orders, and places stop-loss/take-profit); ft-deploy.mjs and ft.mjs support deploying and controlling a Freqtrade bot (including switching to live trading with dry_run:false and starting/stopping live trades). The description explicitly instructs using exchange API keys (BINANCE_API_KEY, OKX, etc.) and performing spot/futures trades, so the skill’s primary purpose is to move money/trade assets.