lifi-plugin
Warn
Audited by Snyk on Jun 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime workflow for this skill ingests outsider-authored free text from LI.FI’s public REST API (e.g.,
GET /quote,POST /advanced/routes,GET /status) and includes it in the agent-visible JSON context (notablytransactionRequest.data/to/estimatefields and error bodies), which is untrusted external content that can contain attacker-controlled strings.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's auto-injected pre-flight steps download and execute remote installers/binaries at runtime (notably "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh" which is fetched and run with sh, and "https://github.com/okx/plugin-store/releases/download/plugins/lifi-plugin@0.1.1/lifi-plugin-… " which is downloaded and installed), so remote content is fetched and executed as a required dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly provides end-to-end crypto asset transfer capabilities: a
bridgecommand that builds quotes, performs ERC‑20 approve, and — when invoked with--confirm— callsonchainos wallet contract-callto sign and submit on‑chain transactions (including polling receipts and returning tx hashes). This is specifically designed to move crypto funds across chains (swaps/bridges) and thus grants direct financial execution authority (with an explicit live/confirm flow but still able to sign/broadcast transactions).
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata