bitmart-exchange-spot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md and scenarios explicitly instruct the agent to fetch and parse live data from BitMart's public API (e.g., GET /spot/quotation/v3/ticker, GET /spot/v1/symbols/details and other endpoints) and to use those responses to decide and execute trading actions, so it consumes external third-party content that can materially influence tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for cryptocurrency spot trading and includes multiple write endpoints to move funds and execute trades: e.g., POST /spot/v2/submit_order (place order), POST /spot/v1/margin/submit_order (margin order), POST /spot/v4/batch_orders, cancel endpoints, and margin borrow/repay/transfer endpoints. It also documents signed authentication, signature generation, and workflows for placing and verifying orders. These are specific market-order and wallet-management operations (not generic tooling), so it grants Direct Financial Execution authority.