xxyy-trade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Scan/Tweet flows clearly fetch public, user-generated social links via the Feed and Token Query APIs (e.g., Strategy 3 "Tweet Scan" reads linkInfo.x / token social URLs returned by the Feed/Query endpoints and matches monitored Twitter handles) and uses those external signals to decide which tokens to surface and potentially prompt trading actions, creating a path for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading integration. It documents on-chain trading endpoints (POST /api/trade/open/api/swap) with clear buy/sell parameters, walletAddress, tokenAddress, amount, tip, slippage, and execution/polling rules. It also exposes token-launch endpoints that can create tokens and optionally perform an initial buy. The doc states "API Key = Wallet access" and "XXYY can execute real on-chain trades using your wallet balance" (custodial trading). It provides concrete curl examples to submit swaps and launch buys and enforces strict trade confirmation and polling behavior. These are specific crypto transaction APIs (wallets + send transaction semantics), not generic tooling—so this grants direct financial execution capability.