bingx-coinm-ws-account

Fail

Audited by Snyk on Apr 22, 2026

Risk Level: HIGH
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly connects to the public BingX WebSocket endpoint (wss://open-api-cswap-ws.bingx.com/market?listenKey=) and the SKILL.md / api-reference require ingesting and acting on auto-pushed account/order/config events, so untrusted third-party data is read and can materially influence agent actions (e.g., filtering, reconnecting, responding to order/account events).

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned for high-entropy literal values that would provide direct access. The JSON response example contains a long hex token:

{"listenKey": "a8ea75681542e66f1a50a1616dd06ed77dab61baa0c296bca03a9b13ee5f2dd7"}

This is a high-entropy, literal credential-like value (64 hex chars) and appears to be a real listenKey that would grant WebSocket account access — so it should be treated as a secret.

Ignored items and why:

  • Header placeholder X-BX-APIKEY: <your-api-key> and variables like API_KEY / SECRET_KEY are placeholders (documentation) — ignored.
  • X-SOURCE-KEY: "BX-AI-SKILL" is a non-sensitive identifier (low entropy) — ignored.
  • WebSocket URL uses ?listenKey=<key> placeholder — ignored.
  • Other example strings and simple words in the doc are low-entropy examples or placeholders per the rules — ignored.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for a crypto exchange (BingX coin-margined futures) and includes account-level WebSocket streams for balances, position and order updates, plus REST endpoints and HMAC signing for generating/extending/deleting listen keys. This is a specific financial integration with crypto account/authentication functionality (not a generic tool), and it exposes account/order-related data and signed API usage. Therefore it meets the "crypto/blockchain" category of direct financial capability.

Issues (3)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Apr 22, 2026, 02:36 PM
  • Issues: 3