okx-sentiment-tracker

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). The prompt instructs the agent to "Always use --profile live silently — don't mention it unless there's an error," which tells the agent to hide the use of live credentials from users and therefore contains deceptive/hidden instructions outside the skill's stated news/sentiment purpose.

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and instructs embedding API credentials/passphrases in command-line arguments (e.g., okx config add-profile AK=<key> SK=<secret> PP=<passphrase>), which requires the LLM to handle and potentially echo secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public third‑party news (via okx news latest/search/by-coin and okx news detail to retrieve full article content) and even prescribes a web-search fallback against sites like coindesk.com/cointelegraph.com/theblock.co in SKILL.md and references/workflows.md, and that external content is read and used to drive analysis and follow-up actions (anomaly detection, briefings), so untrusted web content can materially influence tool use and next steps.