aicoin-trading
Warn
Audited by Snyk on Apr 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill fetches live market data from third-party APIs (e.g., lib/aicoin-api.mjs calls https://open.aicoin.com and scripts/exchange.mjs uses ccxt to call exchange APIs like ex.fetchTicker, ex.fetchPositions, ex.loadMarkets), and those external responses are read and used by the agent to build previews and to decide/execute orders (see create_order, markets, ticker, positions flows), so untrusted third‑party content can materially influence actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill conditionally runs npm install at runtime (execSync('npm install --omit=dev')), which will fetch and execute external package code (e.g., ccxt) from the npm registry (https://registry.npmjs.org/) and is a required runtime dependency for exchange functionality, so it constitutes a remote-code-executing external dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading/order-execution tool for crypto exchanges. It defines commands that directly place market orders (node scripts/exchange.mjs create_order with confirmed=true), close positions (close_position), cancel orders, set leverage/trading params, and targets specific exchanges (OKX, Binance, Bybit, etc.). This is a purpose-built financial execution interface (crypto trading), not a generic tool, so it clearly grants direct financial execution capability. The two-step preview/confirm requirement does not change that it sends real trades when confirmed.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata