market-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly requires calling public DefiLlama endpoints (e.g., defillama:get_protocol_metrics, defillama:get_category_metrics, defillama:get_token_prices) to fetch live protocol/category/token data from an external public website, which the agent ingests and uses to drive analysis and subsequent decisions—thus exposing it to untrusted third‑party content.