aster-deposit-fund

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill fetches asset lists and the deposit address from Aster's public BAPI (https://www.asterdex.com/bapi/... as shown in scripts/common.mjs and SKILL.md) and directly uses those responses (token contract addresses and deposit recipient) to decide and execute on-chain transactions, so external/untrusted API content can materially change agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill fetches runtime JSON from https://www.asterdex.com/bapi/futures/v1/public/future (used by getAssets and getDepositAddress), and that data (asset metadata and the deposit address) directly controls on-chain actions (which token/address to approve/send) and is required for the scripts to operate.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to move cryptocurrency: it requires a wallet private key (ASTER_DEPOSIT_PRIVATE_KEY), describes deriving the address, and instructs the agent to sign on-chain transactions (native sends and ERC-20 approve/transfer) to a deposit address. It also includes runnable scripts (deposit.mjs) and RPC configuration for executing those transactions. This is a specific crypto/blockchain execution capability (signing and sending transactions), not a generic tool — therefore it grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 01:33 PM