aicoin
Warn
Audited by Snyk on Mar 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill fetches public, potentially user-generated news/content from AiCoin's open API (e.g., open.aicoin.com endpoints such as /api/v2/content/news-list and news-detail, called in scripts/news.mjs). The agent consumes this fetched third-party content, and it can be used together with the trading/tooling commands (scripts/exchange.mjs, scripts/ft.mjs), so untrusted content could materially influence decisions or actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly provides crypto trading and account control functionality. It includes an "exchange" script (CCXT) with actions that place and manage trades and funds (create_order, cancel_order, set_leverage, set_margin_mode, transfer, balance, open_orders) and requires exchange API keys (e.g., BINANCE_API_KEY / SECRET). It also exposes Freqtrade bot control (start/stop trading, force_enter, force_exit, cancel_order, balance) which can execute live trades. These are specific tools to send transactions and move funds, not generic data-only endpoints.