@349/okx-onchainos-suite

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required runtime Pre-flight Checks explicitly fetch and parse release tags and installer scripts from public GitHub endpoints (e.g., curl to api.github.com and raw.githubusercontent.com) and its workflows routinely invoke onchainos commands that ingest public on‑chain/market/token/signal data (token search, market price/kline, signal list, portfolio endpoints), all of which are untrusted third‑party content the agent is expected to read and that directly influence downloads, installs, command choices, and trading/broadcast decisions, creating a clear indirect prompt‑injection surface.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's pre-flight checks fetch and execute a remote installer at runtime—e.g. it downloads and runs "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh"—so remote content is executed and required for operation.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for crypto on-chain financial operations. It exposes wallet login/balance/send/history, swap quote/approve/execute, gas estimate/simulation/broadcast/status, and Tx/signature/DApp approvals, and requires OKX API keys/secret/passphrase. These are specific blockchain/payment actions (signing/broadcasting transactions and executing swaps), not generic tooling—so it grants direct financial execution capability.