protocol-deep-dive

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly calls public third-party data sources (e.g., defillama:get_protocol_metrics, defillama:get_events, defillama:get_yield_pools and coingecko token prices) and the agent is expected to read and use that external content to produce analyses and drive decisions in the report, exposing it to untrusted public web content that could embed instructions.