auditing-wallet-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and interprets data from open/public third‑party sources (e.g., eth_getLogs and eth_call via public RPCs in approval_scanner.py and explorer API calls in approval_scanner._get_spender_name and tx_analyzer._api_call to Etherscan/BSCScan/TokenSniffer/GoPlus noted in SKILL.md and ARD.md), and that untrusted contract metadata/source/ABI is used to flag risk, compute scores, and produce revoke recommendations — meaning external content can materially influence tool behavior.