aicoin-onchain
Warn
Audited by Snyk on May 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's runtime scripts (lib/okx-api.mjs and scripts/*.mjs) call the public OKX Web3 API (https://web3.okx.com) — e.g., token.mjs trending/hot_tokens, market.mjs signal_list, swap.mjs quote/swap — and the agent is expected to read and act on that external market/token/signal data (affecting swap decisions and safety checks), so it clearly ingests untrusted third-party content that can influence actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for on-chain crypto trading and wallet operations (DEX swaps, approvals, gas estimation, broadcasting). It exposes dedicated scripts for quote, approve, swap, broadcast, and a trade.mjs "Full Auto Trade" that explicitly performs quote → approve → sign → broadcast when a WALLET_PRIVATE_KEY is placed in .env. gateway.mjs includes a broadcast endpoint and trade.mjs can derive/sign with the provided private key. These are specific crypto/blockchain transaction actions (sending/switching funds, signing, broadcasting) — not generic tooling — so it grants direct financial execution capability.
Issues (2)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).