okx-dex-signal

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly runs the onchainos CLI (e.g., "onchainos signal list" in SKILL.md Operation Flow and references/cli-reference.md) to fetch live signals and token metadata from public on-chain/third-party sources, and those returned fields (token.tokenAddress, price, triggerWalletAddress, etc.) are consumed and handed off into follow-up tooling (okx-dex-token, okx-dex-swap), so untrusted external content can materially influence agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs at runtime to download and execute a remote installer (required when onchainos is missing) from raw.githubusercontent.com — e.g. https://raw.githubusercontent.com/okx/onchainos-skills/v1.0.3/install.sh (and the Windows equivalent https://raw.githubusercontent.com/okx/onchainos-skills/v1.0.3/install.ps1) — which fetches and runs remote code, so this is a high-confidence runtime dependency that can execute remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is part of an OKX DEX suite and although its primary commands are signal-listing, the prompt explicitly documents and links to onchainos swap execution commands and cross-skill workflows that perform token buys. It shows concrete crypto transaction commands (e.g., "onchainos swap swap --from ... --to --amount ... --chain solana --wallet ") and instructs buying tokens as a follow-up step. Those are explicit crypto swap / wallet transaction operations (sending on-chain transactions), not generic tooling. Therefore it grants direct financial execution capability.