smart-contract-audit
Warn
Audited by Snyk on Mar 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts public GitHub repository URLs and instructs the agent to POST repo_url to the free surface scan (e.g., POST https://api.firepan.com/surface/scan with "target"/"repo_url" as shown in SKILL.md) and then uses LLM verification of findings, so it ingests untrusted, user-generated third-party code/content that can influence analysis and subsequent actions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata