Skills
skills/aibtcdev/skills/yield-dashboard/Snyk

yield-dashboard

Warn

Audited by Snyk on Mar 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill fetches live data from public third-party endpoints — notably the Bitflow public API (https://app.bitflow.finance/api) and Hiro read APIs as shown in yield-dashboard.ts and SKILL.md — and directly uses those responses (APY, pool data, balances) to compute weighted APYs and generate rebalance suggestions, so untrusted external content can materially influence agent decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 24, 2026, 10:47 AM
Issues
1