okx-dex-trenches

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and ingests public third‑party data (e.g., GitHub releases and raw installer downloads in _shared/preflight.md, and real‑time memepump data via the wss://wsdex.okx.com WebSocket and memepump API channels described in references/ws-protocol.md and SKILL.md), and it parses token names, social links, dev info and notifications as part of its workflow to drive reports and suggested next actions — therefore untrusted user/web content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's preflight explicitly downloads and executes remote installer code at runtime (e.g., curl -sSL "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh" -o /tmp/onchainos-install.sh followed by sh /tmp/onchainos-install.sh, and related GitHub release/checksum fetches), so it relies on external content that is executed locally.