ct-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests public user-generated content (e.g., 5000+ KOL tweets via GET /tweets/feed and /twitter/realtime, and public news/RSS via GET /info/feed) and its core workflows and cron combos instruct the agent to read, synthesize, and act on that content (alerts, trade suggestions, follow-up API calls), so untrusted third‑party text can materially influence agent decisions and behavior.