tqsdk
Fail
Audited by Snyk on Mar 6, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes many code examples that pass account usernames/passwords or API auth as plain string literals (e.g., TqAuth("快期账户", "账户密码")), which would require an agent to include secrets verbatim in generated code/commands.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill’s documentation and workflow explicitly instruct runtime ingestion of external public data (e.g., live market data via api.get_quote / get_kline_serial / DataDownloader and integrating the TianQin EDB Data SKILL with the Coze/扣子 natural-language SKILL as shown in references/api_ref_14_自然语言投研edb_数据服务_扣子coze.md), which are untrusted third-party sources and are used to drive trading decisions, so external content could indirectly inject instructions or change tool actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading SDK for futures/options/stocks and exposes direct trading APIs and account interfaces. It includes functions to place and cancel orders (api.insert_order, market/limit orders), wait for fills, manage target positions (TargetPosTask, target_pos.set_target_volume), algorithmic execution modules (TWAP, VWAP), real/simulated/multi-account and direct gateway connections (TqAccount, TqCtp, TqKq, TqSim), and account/position queries (api.get_account, api.get_position). These are concrete, purpose-built capabilities to execute market orders and manage real trading accounts (including credentials), i.e., to move money/positions. Therefore it grants Direct Financial Execution Authority.
Audit Metadata