opentrade-portfolio

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Suspicious — the skill instructs running a remote install script (curl | sh) hosted on raw.githubusercontent.com from an unvetted GitHub org (6551Team) and references an opaque short domain (6551.io) for tokens; while raw.githubusercontent is a common host, executing unknown .sh content and trusting an unfamiliar domain/Repo is a high-risk pattern for malware or credential theft.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflows explicitly run opentrade CLI commands (e.g., "opentrade portfolio all-balances", "opentrade token search") and even instruct fetching an installer from raw.githubusercontent.com, which ingests public third‑party API responses and token metadata (including tokenContractAddress and balances) that the agent reads and uses to decide/execute swaps, so untrusted external content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill runs curl -sSL https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh | sh at runtime (install/update/reinstall steps), which fetches and immediately executes remote code and is relied on as the installer, so this is a high-risk runtime dependency.