monitoring-whale-activity

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and processes live data from public third‑party APIs (e.g., Whale Alert in scripts/whale_api.py, CoinGecko in scripts/price_service.py, plus Etherscan/Blockchain.com noted in ARD/PRD), and it directly reads and uses untrusted on‑chain/user-generated fields (transactions, owner/owner_type) to label transactions and drive flow analysis/alerts, so external content can materially influence behavior.