miniqmt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly connects to external/public data sources (xtdatacenter/xtdata connect, subscribe_whole_quote, get_market_data/get_full_tick, download_history_data and token/address lists, plus external docs/download links like dict.thinktrader.net) and the agent is expected to read and act on that untrusted third‑party market/model data as part of its workflow (including triggering trades), so such content could materially influence tool use and enable indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading interface (MiniQMT via the XtQuant library) whose documented abilities include placing and cancelling market orders and querying/updating trading-related state. The prompt lists specific trading APIs and examples that perform financial actions: xttrader.order_stock (example shows creating an XtQuantTrader, connecting, subscribing an account, and placing a buy order with quantity and price), scripts for "order" and "cancel" (python scripts/trade.py order/cancel), and functions to query assets, positions, and perform fund transfers/credit trading. These are direct market-order and account-control capabilities (real/simulated trading) — i.e., tools to send transactions that move money/assets. Therefore this skill grants direct financial execution authority.