bitget

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md instructs the agent to call Bitget's bgc CLI (e.g., public tickers and copytrading endpoints) and explicitly to "read error.suggestion" from bgc responses, so it ingests external Bitget API responses (third-party content) that the agent is expected to interpret and which can influence subsequent actions (e.g., recovery steps, order decisions).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Bitget exchange integration with commands for placing and cancelling spot and futures orders, managing positions and leverage, transferring funds between accounts, executing convert (swap) operations, withdrawals, and other account write operations. These are direct crypto trading and fund-movement capabilities (market/futures orders, transfers, withdrawals, convert/execute), not generic tooling. Therefore it grants direct financial execution authority.