okx-buildx-hackathon-agent-track
Fail
Audited by Snyk on Apr 4, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to obtain API keys from the human and to place them into Authorization headers, curl examples, and saved credential files (e.g., "Authorization: Bearer YOUR_API_KEY" and credentials.json), which requires the LLM to handle and potentially output secret values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md and setup scripts explicitly instruct the agent to fetch and browse public Moltbook submissions (https://www.moltbook.com/m/buildx) and other third-party resources (e.g., GitHub repos, https://www.moltbook.com/skill.md, https://web3.okx.com/llms.txt, Uniswap docs) and to read/interpret those user-generated submissions as part of voting/evaluation workflows, which could allow indirect prompt injection from untrusted external content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches external LLM reference docs at runtime (e.g., curl in scripts/setup.sh and the "Tip: Fetch https://web3.okx.com/llms.txt to load OnchainOS API docs directly into your context") and those fetched documents are intended to be loaded into the agent's context and therefore directly control prompts/instructions, making https://web3.okx.com/llms.txt a required runtime dependency that influences agent behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly centered on on-chain financial activity: it requires an Agentic Wallet, obtaining an OnchainOS API key, and mandates calling OnchainOS modules and/or Uniswap AI Skills (listing Wallet, DEX, Payment modules). It repeatedly references executing on-chain transactions, transaction signing via the Agentic Wallet, swap/trading/payment use-cases, and scoring/prize criteria based on transaction volume. These are specific crypto/blockchain financial capabilities (wallets, swaps, signing, payments), not generic tooling, so it grants direct financial execution authority.
Issues (4)
W007
HIGH: Insecure credential handling detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata