helius-okx
Warn
Audited by Snyk on May 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly runs the external OKX onchainos CLI and calls public OKX/Helius HTTP endpoints (see SKILL.md and references/integration-patterns.md where execFileSync('onchainos', ...) and fetch(...) are used to ingest trending/signal/token/dev data) and then parses those untrusted, public outputs to make safety checks and trading/automation decisions (e.g., whether to execute swaps), so third-party content can materially influence agent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill instructs users at runtime to run a remote install script that will be fetched and executed (curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | bash), and similarly recommends using npx to fetch/execute helius-mcp, which are required installation steps that execute remote code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for crypto trading and transaction submission on Solana: it references OKX DEX swap aggregation, OKX swap execution, Helius Sender for transaction submission, priority fee estimation, LaserStream for low-latency trading, and required OKX/Helius API keys. It contains concrete, domain-specific execution capabilities (swap/broadcast flows, transaction submission instructions, and MCP Sender tools), i.e., tools to send signed blockchain transactions and execute trades. This meets the "Direct Financial Execution" criteria (crypto/wallets/swaps/signing).
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).