nansen-web-fetcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly lets the agent fetch and analyze arbitrary URLs via positional args or --url (e.g., "nansen web fetch https://nansen.ai" and the --url flag) and uses the fetched page content to answer questions, meaning untrusted public web content can be ingested and influence the agent's outputs and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). This skill fetches arbitrary user-supplied URLs at runtime (e.g., https://nansen.ai) and injects the retrieved page content into the model context to answer questions, so external content can directly control prompts.