opentrade-token

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Suspicious — the skill tells users to curl | sh a raw GitHub install.sh and to visit an unfamiliar domain (6551.io) for an API token; running an unreviewed shell script from a possibly new/low-reputation repo and trusting an unknown domain for credentials are strong indicators of high risk (malware or credential theft) unless you manually audit the script and verify the project's trustworthiness.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's runtime workflow (SKILL.md) calls opentrade token commands (e.g., token search, token info, token toplist, token holders) that ingest public token metadata and market data — including websiteUrl, twitterUrl, telegramUrl, discordUrl and trending/toplist data — from open/public sources and uses those fields (communityRecognized, liquidity, holders) to decide warnings and next actions, so untrusted third‑party content can materially influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight checks instruct running curl -sSL https://raw.githubusercontent.com/6551Team/openskills/main/skills/opentrade/install.sh | sh at runtime to install/update the CLI, which fetches and immediately executes remote shell code and the skill relies on that installer, so this is a direct runtime external code-execution dependency.