bybit-trading
Warn
Audited by Snyk on Jun 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill's runtime auto-update background sub-agent fetches https://api.bybit.com/skill/manifest and then downloads updated SKILL.md/modules/*.md from GitHub raw URLs, ingesting that fetched free-text into the agent's context (indirect prompt injection risk from outsider-authored remote content).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's auto-update and module router explicitly fetch a runtime manifest from https://api.bybit.com/skill/manifest and then download SKILL.md and module files from https://raw.githubusercontent.com/bybit-exchange/skills/main/ (e.g., https://raw.githubusercontent.com/bybit-exchange/skills/main/SKILL.md), and those fetched markdown files are loaded/used to control the agent's instructions and modules at runtime.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform trading on Bybit and contains concrete, specific financial-execution capabilities: it provides authenticated Bybit API details, signing algorithms (HMAC/RSA), environment-variable credential handling, full curl examples for POSTing orders (e.g., POST /v5/order/create), endpoints for account/balance queries, and a Mainnet/Testnet execution flow with structured confirmation and rate-limit/backup rules. These are not generic HTTP or browser instructions but explicit payment/trading APIs and examples to send transactions (place/cancel orders, transfer, etc.). Therefore it grants direct financial execution authority.
Issues (3)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata