aicoin-account

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime scripts (e.g., scripts/exchange.mjs using ccxt to loadMarkets/fetchTicker/fetchTrades and lib/aicoin-api.mjs calling https://open.aicoin.com via apiGet) fetch and ingest data from public third‑party APIs (exchange APIs and AiCoin endpoints) which the agent parses and uses to drive decisions and actions (balance/positions, order previews/execution, tier checks), exposing it to untrusted external content that could indirectly influence tool behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for exchange account management on specific crypto exchanges (Binance, OKX, Bybit, Bitget, etc.) and includes commands that perform non-read actions: notably a "Transfer funds" command (node scripts/exchange.mjs transfer ...) which moves assets between accounts, plus API key setup in .env for those exchanges. These are specific crypto/exchange financial operations (not generic tooling), so it grants direct financial execution capability.