aster-api-spot-websocket-v3

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs the agent to connect and subscribe to external WebSocket streams at wss://sstream.asterdex-testnet.com and to fetch public endpoints such as GET /api/v3/depth and a user listenKey. The agent will therefore ingest untrusted third-party market and user-stream messages as part of its runtime workflow, and those messages can influence its subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a crypto exchange Spot API (Aster Spot Testnet) providing market and user data streams. It explicitly describes user-authenticated endpoints to obtain a signed listenKey and to keep alive and close user data streams, and it exposes executionReport and outboundAccountPosition events (order updates and balances). This is a purpose-built trading/crypto API (spot market streams) used in the context of placing and monitoring orders on an exchange. Under the rules, this is a specific financial/crypto integration (not a generic tool), so it represents direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 01:34 PM