aicoin-market

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt both forbids inline credentials in general but explicitly documents an update_key command that takes a JSON payload with "secret":"xxx" (and requires using that command to change keys), which means the agent may be prompted to accept and embed API secrets verbatim into generated shell commands — a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill's REQUIRED workflow in SKILL.md instructs running its scripts (e.g., scripts/twitter.mjs, scripts/news.mjs, scripts/airdrop.mjs, scripts/drop_radar.mjs) which call the AiCoin OpenData API to fetch public news, Twitter/X tweets and community-driven airdrop/project data, so the agent ingests untrusted, user-generated third-party content that could carry instructions influencing subsequent actions.