okx-dex-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required pre-flight (see _shared/preflight.md) instructs the agent to fetch release metadata from the public GitHub API and download installer/checksum files from raw.githubusercontent.com (open/public third‑party content) and to parse tag_name/checksums and potentially execute the installer, so the agent consumes and acts on untrusted web-hosted content as part of its normal workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's preflight step instructs runtime fetches from GitHub (e.g. curl "https://api.github.com/repos/okx/onchainos-skills/releases/latest") and downloads+executes the installer script from https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh (sh /tmp/onchainos-install.sh), so remote content is fetched at runtime and executed to satisfy a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly and specifically designed to perform crypto trading operations via the OKX Agentic Wallet. It exposes targeted subcommands to create price-triggered limit orders (onchainos strategy create-limit), cancel orders, resume suspended orders, and list active/historical orders, references token contract addresses, chain IDs, slippage, MEV protection, TEE signing, txHash handling, and order execution flow. These are direct blockchain/crypto financial actions (placing and managing on-chain limit trades), not generic tooling. Therefore it grants Direct Financial Execution Authority.