cmc-api-market

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and reference docs explicitly instruct the agent to fetch and act on community and content endpoints (e.g., /v1/community/trending/token, /v1/community/trending/topic, /v1/content/posts/latest, /v1/content/posts/comments, /v1/content/posts/top, /v1/content/latest), which return public user-generated posts, comments and third‑party news that the agent is expected to read and use for signals/decisions — exposing it to indirect prompt injection risk.