hummingbot-developer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes explicit passphrases and plaintext credentials in example commands (e.g., --passphrase=hummingbot, -u admin:admin, GATEWAY_PASSPHRASE=admin), which requires the agent to handle and emit secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows and scripts clearly fetch and run public third‑party content (e.g., git fetch/checkout in scripts/select_branches.sh and install_all.sh, curl/downloads in install_deps.sh, pip/pnpm installs and Docker pulls, and the run_dev_stack.sh + scripts/test_integration.py that call/parse HTTP endpoints), which are untrusted/public sources whose code and responses the agent is expected to read/interpret and that can materially influence subsequent build/run/test actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's install_deps.sh runs at runtime and downloads+executes remote installer scripts (e.g., /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)", curl -fsSL https://get.docker.com | sh, curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash, and Miniconda installers from https://repo.anaconda.com/...), which clearly fetch and execute remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly for running and developing Hummingbot and its Gateway/API stack — a crypto trading platform. The prompt describes concrete, finance-specific capabilities: Gateway configuration for blockchain networks (RPC node URLs), Gateway wallet access and wallet listing, running a trading CLI (hummingbot_quickstart.py), DEX connectors, and an API endpoint to deploy bot orchestration ("/bot-orchestration/deploy-v2-controllers" with credentials_profile). These are not generic developer tools; they are specific crypto/market-operational components that can control wallets and run trading bots (i.e., execute market orders / on-chain interactions). Therefore it provides direct financial execution capability.