mainstream-spot-order

Warn

Audited by Snyk on Apr 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches public market data and API responses from OKX/onchainos (see the SKILL.md prerequisites, the REST call in collect.py, and the okx kline usage in collect.py, live.py and backtest.py). The agent reads and interprets those untrusted third‑party candle/quote responses to drive backtests, auto‑research changes, and live trading decisions, so external content can materially influence tool use and next actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto spot trading system with built-in live trading. It uses onchainos CLI and OKX DEX APIs, requires an OKX Agentic Wallet (TEE signing), and includes concrete commands to request swap quotes and execute swaps (e.g., onchainos swap swap ... and onchainos wallet contract-call ... to sign & broadcast). live.py runs real on-chain swaps when PAPER_TRADE = False and, after explicit session authorization, the bot autonomously executes trades within configured risk limits. These are specific crypto/blockchain transaction capabilities (wallet signing, swap execution, on-chain broadcasts), which meet the "Direct Financial Execution" criteria.

Issues (2)

  • MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
  • MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 15, 2026, 01:49 PM
Issues: 2