identity

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime (index.ts) uses the ERC-8004 client (createERC8004Client / client.getAgent, getAgentByOwner, getReputation, verify, etc.) and reads fields like tokenURI, agent.card (name, description, endpoints) and reputation — all public/user-controlled metadata/token URIs — so untrusted third-party content is ingested and shown in workflow and can affect verification/trust outputs.