okx-dex-market
Warn
Audited by Snyk on Mar 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill's required workflows and CLI commands (e.g., onchainos market price / kline / portfolio-dex-history / portfolio-overview referenced throughout SKILL.md and references/cli-reference.md) explicitly fetch and display public on-chain and token metadata/transaction data from open third-party sources (token names/symbols, tx histories, index prices), which the agent is expected to read and reuse (e.g., data handoffs and buy/swap decision steps), so untrusted user-generated public content can materially influence subsequent tool use and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight checks download and execute a remote installer at runtime from https://raw.githubusercontent.com/okx/onchainos-skills/v1.0.4/install.sh (and the Windows equivalent https://raw.githubusercontent.com/okx/onchainos-skills/v1.0.4/install.ps1), which directly executes fetched remote code and is a required dependency for the CLI to run.