ai-trader-copytrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches user-generated trading signals from public endpoints (e.g., GET /api/signals/feed and https://api.ai4trade.ai) and the agent is expected to read those signals and automatically follow/copy positions, so untrusted third-party content can directly influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's auto-install example explicitly fetches remote skill content at runtime from https://ai4trade.ai/skill/copytrade (via requests.get or curl) and states that "skill_content contains complete installation and configuration instructions," meaning the fetched content can directly control agent instructions and installation behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly implements copy-trading functionality and APIs to open/close positions on behalf of a follower. It includes endpoints and configuration for "One-Click Follow", "Auto Position Sync", POST /api/signals/follow, autoCopyPositions/autoFollow settings, and a Position Sync section that states "you automatically open the same position" and "you also close the copied position". These are specific market-order/trading execution capabilities (automatic trade execution), not generic tooling. Therefore it grants Direct Financial Execution authority.