okx-dex-swap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's workflow explicitly fetches public data (e.g., running onchainos swap quote/swap which pulls DEX/chain/aggregator quotes and token metadata, and the Pre-flight steps call the GitHub API / raw release assets or the OKX DEX Aggregator API) and the SKILL.md requires the agent to read those returned fields (priceImpact, isHoneyPot, dex routes, tx data, etc.) and act on them (block/warn/execute transactions), so it clearly ingests untrusted third‑party content that can materially change decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's pre-flight checks fetch and run a remote installer at runtime (e.g. curl -sSL "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh" -o /tmp/onchainos-install.sh followed by sh /tmp/onchainos-install.sh), which downloads and executes remote code that the skill may require to operate.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto DEX swap executor. It provides dedicated commands for quoting, generating approval calldata, and executing swaps (onchainos swap quote / approve / swap), includes explicit wallet signing/broadcasting flows via onchainos wallet contract-call, supports cross-chain token swaps, unlimited approvals, slippage control, MEV protection, and a silent/automated execution mode. This is a purpose-built tool to move crypto funds (create/sign/broadcast token transfer/trade transactions), not a generic API caller or browser automator. Therefore it grants Direct Financial Execution capability.