aicoin-market

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt both forbids inline credentials in general but explicitly documents an update_key command that takes a JSON payload with "secret":"xxx" (and requires using that command to change keys), which means the agent may be prompted to accept and embed API secrets verbatim into generated shell commands — a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows and scripts (e.g., scripts/twitter.mjs, scripts/news.mjs, scripts/airdrop.mjs, scripts/drop_radar.mjs) call AiCoin OpenData endpoints on open.aicoin.com to fetch public news, tweets, airdrop/project listings and team/X-following data — all untrusted, user-generated or public third‑party content that the agent is expected to read and use per SKILL.md, enabling indirect prompt-injection risk.