longbridge-core

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and interpret open/public news and community discussion (e.g., longbridge news / longbridge topic CLI commands, the ContentContext APIs, and longbridge.com/*.md pages referenced in SKILL.md and references/llm.md), which are untrusted/user-generated or third‑party content and are used to drive analysis and recommendations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs AI clients to fetch and ingest remote docs at runtime (e.g. https://open.longbridge.com/llms.txt and https://longbridge.com/en/quote/TSLA.US.md) and to connect to the MCP tool endpoint (https://openapi.longbridge.com/mcp), which directly supplies model context or exposes callable tools — i.e., runtime external content that can control prompts or agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading platform with APIs/SDKs for orders and account management. It references TradeContext (orders, account, executions), a SubmitOrderOptions builder in the Rust SDK, "Programmatic order strategy → SDK", and account-level commands (assets, buying power, positions, statement). These are specific, purpose-built financial execution functions (placing market/orders and managing account funds), not generic tooling. Therefore it grants direct financial execution capability.