portfolio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md and references/architecture.md explicitly show the SourceRouter calling external provider APIs (e.g., GET /wallets/{owner}/positions to {PRIMARY_PROVIDER} and fallbacks to DeBank/Step Finance) and then adapting/normalizing that public third‑party data into positions used for routing and aggregation, so untrusted third‑party content is ingested and can influence agent decisions.