okx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill suite explicitly fetches and ingests public, user-generated on-chain and DEX data (e.g., "okx-dex-signal" fetches buy-direction signals, "okx-dex-swap" queries quotes across 500+ liquidity sources, and "okx-dex-trenches" scans new token launches) and the SKILL.md shows these feeds are read and used to drive trading, risk scans, and execution decisions, so untrusted third‑party content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses npx to install and run code directly from the repository URL https://github.com/okx/onchainos-skills at runtime (e.g., "npx skills add https://github.com/okx/onchainos-skills"), which fetches and executes remote repository code as a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill suite explicitly provides on-chain transaction and payment capabilities: okx-agentic-wallet supports token transfers, native asset sends, smart-contract calls and TEE/local signing; okx-dex-swap performs quotes, approvals and executes swaps (approve+swap, swap execution); okx-onchain-gateway broadcasts signed transactions and supports gas estimation/simulation; okx-x402-payment signs payment authorizations for payment-gated resources. These are specific crypto/financial execution tools (sending transactions, signing, broadcasting, and executing trades/payments), so the skill grants direct financial execution authority.