aicoin-freqtrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly fetches and ingests data from the public AiCoin API (BASE=https://open.aicoin.com) via lib/aicoin-api.mjs and lib/aicoin_data.py and the SKILL.md / strategy code explicitly uses those AiCoin endpoints (e.g., funding_rate, big_orders, ai_analysis) to drive trading decisions, so untrusted third‑party content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains runtime commands that fetch and execute remote code (host-mode deploy path), notably "curl -LsSf https://astral.sh/uv/install.sh | sh" and "git clone https://github.com/freqtrade/freqtrade.git" which will download and run external code during execution.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly designed to control a trading daemon and includes direct trade-execution and live/sim-toggle operations. It exposes commands like force_enter / force_exit (manual open/close trades), set_dry_run (can switch dry_run:false → live trading), deploy with {"dry_run":false}, and other actions that will cause the bot to place or close market orders. Those are explicit market-order / trading controls (i.e., moving money), not generic tooling. Therefore it grants direct financial execution authority.