openfin-onchain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to call external OpenFinance/Uniblock endpoints (e.g., GET /agent/onchain/token/metadata, /balances, /price) which ingest public third‑party provider data (Alchemy, Moralis, Uniblock, token metadata, logos, and on‑chain data) that the agent is expected to read and use to format balances and make pricing/quoting decisions, so untrusted user-controlled metadata could indirectly influence behavior.