spot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt asks the agent to accept raw API keys/secret keys and to compute and append AccessKeyId and an HMAC-SHA256 signature to request query strings (and may embed keys in requests), which forces the model to handle and output secret values or secret-derived signatures verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and consumes public HTX API data from api.huobi.pro (e.g., /market/tickers, /market/trade, /v1/account/accounts) as described in SKILL.md and references/authentication.md, and that live third-party data is read and used to make trading decisions and drive actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly and specifically designed for cryptocurrency spot trading on HTX/Huobi. It includes authenticated endpoints and procedures to move funds and execute market actions (e.g., /v1/order/orders/place, /v1/order/batch-orders, cancel endpoints, batchCancelOpenOrders), requires API key and secret and request signing (HMAC SHA256), and describes account management and mainnet transaction behavior. These are direct market-order and wallet-trading capabilities (not generic tooling), so the skill grants direct financial execution authority.