okx-dex-market

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches public third-party content (e.g., the Pre-flight Checks require calling the GitHub API and downloading installers/checksums from raw.githubusercontent.com/releases), and its runtime workflow also ingests untrusted on-chain/token data returned by the onchainos CLI (token names, symbols, kline/price feeds, wallet PnL) which the agent uses to drive follow-up actions (e.g., suggesting or routing to swap commands), so untrusted web content can materially influence tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight checks fetch and execute a remote installer at runtime (e.g., curl -sSL "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh" -o /tmp/onchainos-install.sh" followed by "sh /tmp/onchainos-install.sh"), which downloads and runs external code that the skill requires to operate.