coingecko

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill repeatedly calls the public CoinGecko Pro API (e.g., tools/coins.py, tools/coin_prices.py, tools/coin_historical_chart_range_by_id.py) to fetch open/public data — including coin descriptions, links, trending/user-search data and other user-influenced fields — which the agent is expected to read and use as part of its workflows (see SKILL.md and the tool execute() methods), so untrusted third‑party content could indirectly inject instructions.