alchemy-web3

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches public, potentially user-generated blockchain and NFT data from Alchemy's open APIs (e.g., https://{chain}.g.alchemy.com/nft/v3/... and the JSON-RPC endpoints shown in SKILL.md and scripts/alchemy.sh), and the agent workflows in references/agent-workflows.md show the agent reading that data (NFT metadata, transfers, floor prices) and making automated decisions/actions (alerts, trades), so untrusted third-party content can materially influence agent behavior.