bitget-wallet
Warn
Audited by Snyk on Apr 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and processes third-party web resources (e.g., the x402 payment flow and scripts/x402_pay.py which retrieve paid external URLs like Pinata, plus market/alpha endpoints that return media_list/social links and KOL addresses in docs/alpha.md and docs/address-find.md), and those untrusted/user-generated contents are consumed by the agent and used to drive trading/discovery decisions, creating a clear path for indirect prompt injection.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a crypto wallet/trading integration with end-to-end execution capabilities. It defines a full trade flow (quote → confirm → makeOrder → sign → send), provides one-shot execution scripts (order_make_sign_send.py for mnemonic/private key and social_order_make_sign_send.py for Social Login), includes signing APIs (social-wallet.py core sign_transaction / sign_message), and even x402 payment and RWA stock trading endpoints. These are specific crypto/blockchain payment and trading tools (wallets, swaps, signing, sending transactions), not generic callers or browser automation. Therefore it grants direct financial execution authority.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata