okx-cex-skill-mp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads skill zip packages from the OKX Skills Marketplace API (see "What happens under the hood: Downloads skill zip from OKX marketplace API" and the install/download commands) and extracts/reads SKILL.md and metadata, which are third‑party user-contributed prompt packages that can change agent behavior—exposing the agent to untrusted content that could contain indirect prompt-injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The okx skill add flow downloads a skill ZIP from the OKX Skills Marketplace API at the marketplace download endpoint (used at runtime by okx skill add), extracts the SKILL.md which directly supplies agent prompts/instructions (and npx skills add may execute remote install code), so the marketplace download URL (OKX Skills Marketplace API
• the skill ZIP download endpoint used by okx skill add) is a runtime external dependency that can control prompts or execute code.