defi-bridge-route-planner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches route candidates from external aggregators and direct bridge quote endpoints (SKILL.md workflow step 2 and references/aggregator-integration.md), ingesting untrusted third‑party quotes that are directly used by scripts/route_cost_model.py to score and recommend routes, so those external contents can materially influence decisions and thus enable indirect prompt-injection risks.