okx-dex-swap
Warn
Audited by Snyk on Mar 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill directly calls the public OKX API (e.g., GET https://web3.okx.com/api/v6/dex/aggregator/swap) and ingests untrusted remote fields such as tx.data and signatureData, which the agent parses and uses to build, sign, and broadcast on-chain transactions, so third-party responses can materially change agent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill is explicitly and specifically designed to execute on-chain token swaps and submit signed transactions. It documents OKX DEX aggregator endpoints for obtaining swap calldata (/api/v6/dex/aggregator/swap) and for broadcasting signed transactions (/api/v6/dex/pre-transaction/broadcast-transaction), requires wallet private keys/keypairs, details signing flows (EVM and Solana) and token approval flows, and shows example code that signs and broadcasts transactions. That is direct crypto/financial execution (wallet signing, sending transactions, performing swaps), not a generic tool; it therefore grants Direct Financial Execution Authority.