token-scam-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly requires fetching and interpreting public third-party content — e.g., Step Final-1 mandates running search_tool and browse_url on public sites (Twitter/X, investigator posts, gitbook docs, block explorers) and using get_social_sentiment_for_ticker/market_intelligence — and those off-chain findings are required to adjust the verdict, so untrusted web/social content can materially influence agent decisions.