defillama-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to query real-time DefiLlama endpoints (e.g., https://api.llama.fi, https://yields.llama.fi, https://stablecoins.llama.fi) and to read/interpret that public third-party data as part of its workflow to inform decisions and recommendations, which exposes it to untrusted external content that could influence tool use.