binance-spot-openapi-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md core workflow and prerequisites explicitly direct the agent to fetch and use public Binance endpoints (https://api.binance.com, https://testnet.binance.vision) and a public OpenAPI schema at https://raw.githubusercontent.com/... so external JSON/schema content from those third-party URLs is ingested and can directly influence operation discovery and order decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to operate Binance Spot trading APIs, including authenticated account reads and signed write operations that place and cancel orders. It documents credentials (API keys, Ed25519/HMAC secrets), signer bindings, and concrete endpoints for order placement (post:/api/v3/order), test orders, and order cancellation (delete:/api/v3/order, delete:/api/v3/openOrders). It also instructs how to execute mainnet vs testnet flows and how to sign requests. These capabilities are specifically intended to execute market trades and modify account state on an exchange (i.e., move/value assets), not generic tooling. Therefore this skill grants Direct Financial Execution authority.