okx-dex-trenches

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly fetches public third‑party content (e.g., Pre-flight curl calls to the GitHub API and raw.githubusercontent.com in _shared/preflight.md) and subscribes/ingests real‑time on‑chain and social data via the WebSocket protocol (references/ws-protocol.md) — including token names, social links (X/Telegram/websites) and on‑chain metadata — which the agent is expected to read and use for token safety/dev reputation analysis, so untrusted external content can materially influence decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's preflight step fetches and executes remote installer scripts (e.g., curl -sSL "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh" -o /tmp/onchainos-install.sh and the Windows equivalent Invoke-WebRequest "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.ps1") at runtime to install/update the CLI, which is remote code downloaded and executed and is required by the skill.