web3-methodology-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs fetching and ingesting public third‑party content (e.g., "Find the audit report PDF for your target protocol (GitHub, protocol docs, 'audits' page)", pdftotext/grep workflows, and git clone examples like https://github.com/lidofinance/lido-dao.git), which are untrusted user/public sources the agent would read and use to drive analysis and decisions, enabling indirect prompt injection.