debank

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill makes runtime calls to the public DeBank API (via debank_api_request in tools/utils.py to https://pro-openapi.debank.com) and returns user-controlled blockchain data (e.g., /v1/user/history_list, /v1/user/nft_list, token/protocol endpoints) that the agent is expected to read and act on (see SKILL.md and the tools in user.py), so untrusted third-party content can influence decisions and tool use.