okx-how-to-play

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required shared preflight ( _shared/preflight.md ) instructs the agent to fetch and parse public GitHub content (curl the GitHub API, download installer scripts from raw.githubusercontent.com and release assets from github.com) and then act on that data (version decisions, verify checksums, and potentially execute installers), so untrusted third‑party content is read and can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The shared preflight explicitly downloads and then executes a remote installer at runtime (curl to https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh -> sh /tmp/onchainos-install.sh, plus related downloads from https://github.com/okx/onchainos-skills/releases/...), so external content is fetched and executed and is required for the skill.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly centered on on-chain wallet and exchange interactions. It invokes concrete wallet commands ("onchainos wallet status", "onchainos wallet login", "onchainos wallet verify "), requires or instructs setting OKX API credentials (OKX_API_KEY, OKX_SECRET_KEY, OKX_PASSPHRASE), and routes users to DApp workflows that include swaps, bridges, buy/sell, and other DeFi actions. These are specific crypto/blockchain and exchange integrations (not generic tooling) that enable transaction-capable operations. The presence of explicit API key fields and wallet/login commands indicates direct financial execution capability.