okx-cex-trade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to fetch and interpret live public data from OKX (e.g., okx event browse / okx event markets, okx option instruments, okx market index-candles) as part of required workflows (see "Event Contract Workflows" and "Scenario 3" which asks the agent to fetch candles and analyze them), thereby exposing it to untrusted third‑party content that can materially affect decisions and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a trading CLI for OKX that requires API credentials and provides write commands to place, cancel, amend, and close market/limit/algo orders across spot, swaps (perpetual), futures, options, and event contracts, plus setting leverage and closing positions. These are direct market order and account-control operations (i.e., moving/allocating real funds and executing trades). Per the decision logic, this is a tool whose primary and explicit purpose is to send transactions to a financial exchange, so it grants direct financial execution authority.