contract-preflight

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly queries the public stxer API (https://api.stxer.xyz — e.g., /devtools/v2/simulations and /sidecar/v2/batch) to fetch live mainnet contract state and decoded results (user-generated on-chain data) and then parses those responses to determine safe_to_broadcast and next actions, so untrusted third-party content directly influences agent decisions.