aicoin-market

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires running an update_key command that takes the API secret in-line (node scripts/coin.mjs update_key '{"key_id":"xxx","secret":"xxx"}'), which would force the LLM to include secret values verbatim in generated commands/outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md) mandates running scripts like scripts/twitter.mjs, scripts/news.mjs, scripts/airdrop.mjs and drop_radar.mjs which call AiCoin Open API endpoints (e.g., twitter/search, newsflash, airdrop) to fetch live public tweets, news and user-generated project data that the agent is expected to read and act on, creating a clear vector for indirect prompt injection.