okx-security
Warn
Audited by Snyk on Mar 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The Pre-flight Checks explicitly instruct the agent to fetch release metadata, installers, and checksum files from public GitHub endpoints (e.g., api.github.com and raw.githubusercontent.com/releases/...), and to read/verify those files and potentially execute the downloaded installer—so the agent consumes and acts on untrusted, user-hosted third-party content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The Pre-flight Checks explicitly fetch and execute a remote installer script at runtime from https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh (and related GitHub release assets), which downloads and runs remote code as a required dependency.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs the agent to download and execute installers, install/update a local binary, verify checksums, and interact with the system Keychain — all actions that modify the host environment and can change machine state.
Issues (3)
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W013 MEDIUM: Attempt to modify system services in skill instructions.
Audit Metadata