allium-onchain-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to call Allium's public API (https://api.allium.so) to browse/search docs and schemas and to fetch wallet transactions, token search results and custom SQL query outputs — these endpoints return public on‑chain and user-generated content that the agent is expected to read and use to drive decisions, creating a path for indirect prompt injection.