gate-info-addresstracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls external MCP tools (e.g., info_onchain_get_address_info in Step 2 and info_onchain_get_address_transactions / info_onchain_trace_fund_flow in Step 4) which ingest on-chain data and third-party label/risk feeds (SKILL.md and Safety Rules cite BlockInfo / Nansen / Arkham), and the agent is instructed to read those results and use labels/risk_score to auto-upgrade to deep mode and drive further tool calls and LLM analysis—so untrusted third-party content can materially influence behavior.