aster-api-spot-account-v3
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: CRITICAL
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with the API base URL 'https://sapi.asterdex-testnet.com' for all documented operations. This domain is recognized as a vendor-owned resource for the author 'asterdex'.
- [DATA_EXFILTRATION]: The skill facilitates sensitive operations including asset withdrawals, transfers, and API key management on the Aster Spot Testnet.
- [PROMPT_INJECTION]: The skill possesses an Indirect Prompt Injection surface (Category 8).
  - Ingestion points: User account data and trade history are retrieved from the Aster API ('GET /api/v3/account', 'GET /api/v3/userTrades').
  - Boundary markers: No markers or instructions are provided to the agent to distinguish between data and potential instructions in API responses.
  - Capability inventory: The skill can perform high-privilege actions like asset withdrawals ('POST /api/v3/aster/user-withdraw') and wallet transfers ('POST /api/v3/asset/wallet/transfer').
  - Sanitization: There is no documented validation or sanitization of the data ingested from the external API.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata