okx-dex-token

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly fetches and ingests open/public third‑party content (e.g., preflight curl calls to the GitHub API and raw.githubusercontent.com, hot-tokens using X/Twitter mention data, token fields like tokenName/tokenLogoUrl/explorerUrl, trades' txHashUrl and poolLogoUrl, and onchain data from public explorers) which the agent is expected to read and use to drive workflows and suggestions, creating a pathway for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The preflight step fetches and executes remote installers at runtime (e.g., curl -sSL "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh" -o /tmp/onchainos-install.sh and Invoke-WebRequest "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.ps1"), and also downloads release checksums from GitHub releases (https://github.com/okx/onchainos-skills/releases/download/.../installer-checksums.txt and checksums.txt) which the skill may run (sh /tmp/onchainos-install.sh or PowerShell), so these URLs are runtime dependencies that fetch and execute remote code.