okx-dex-trenches

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (SKILL.md and references/cli-reference.md) calls onchainos memepump commands (e.g., memepump tokens, token-details, token-dev-info, aped-wallet) which ingest public on-chain data and external social/website links (fields like social.x, social.telegram, social.website) and then use that data to drive analysis and follow-up actions (including swap recommendations), so it clearly consumes untrusted third‑party content that can influence decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight steps explicitly curl/Invoke-WebRequest to fetch and then execute installer scripts from https://raw.githubusercontent.com/okx/onchainos-skills/v1.0.3/install.sh (and the Windows equivalent https://raw.githubusercontent.com/okx/onchainos-skills/v1.0.3/install.ps1) at runtime to install a required binary, which is remote code fetched and executed and thus directly controls execution.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for crypto token workflows and includes direct swap execution steps. It references and documents onchainos swap commands (okx-dex-swap) with concrete CLI parameters (e.g., onchainos swap swap --from ... --to --amount ... --chain solana --wallet ) and a "Buy the token" action in workflow examples. These are specific crypto/ blockchain transaction instructions (swaps/wallet usage), not generic tooling, so it grants direct financial execution capability.