okx

Warn

Audited by Snyk on Apr 20, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly runs OKX CLI commands (e.g., execFileSync('onchainos', ...) to ingest OKX signals/trending/token data) and makes requests to public Helius endpoints (e.g., https://mainnet.helius-rpc.com, api.helius.xyz, LaserStream). The untrusted, publicly published market/signals content returned by these sources is parsed and used to make trading decisions and submit transactions, so third-party content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill instructs runtime installation that fetches and executes remote code — notably via "npx skills add okx/onchainos-skills" and the curl|bash command at https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh which would download and run a script, making these required external dependencies that execute remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly provides and instructs on performing crypto financial operations: OKX DEX swap aggregation for trading (quotes, routing, swap execution), and Helius "Sender" for transaction submission/broadcasting. It contains explicit operational rules for submitting swap transactions (e.g., ALWAYS submit via Helius Sender, include skipPreflight/maxRetries), references swap/trade/buy/sell flows, trading bots/HFT, and portfolio/trade execution patterns. These are specific crypto transaction and execution capabilities (wallet/tx submission and swap execution), which meet the Direct Financial Execution criteria.

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 20, 2026, 01:07 AM
  • Issues: 3