aster-api-websocket-v3

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs connecting to wss://.../ws/ and describes obtaining a listenKey (a secret token) to be placed verbatim in the WebSocket URL/requests, which would require the LLM to handle and output the secret value directly, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly requires connecting to the public WebSocket endpoint (wss://fstream.asterdex.com) and fetching REST snapshots (GET /fapi/v3/depth) to ingest live market and user-stream events which the agent must parse and act on for order-book sync and trading decisions, so external untrusted third‑party data can materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a specific WebSocket API for a crypto/futures exchange (Aster Futures). It explicitly provides market and user data streams (orders, balances, positions), signed listenKey management, and events like ORDER_TRADE_UPDATE and ACCOUNT_UPDATE. This is not a generic tool — it is tied to a trading platform and directly relates to trading/account activity on an exchange, which constitutes direct financial execution capability.