defillama

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md and exports.py explicitly call public APIs (https://api.llama.fi, https://pro-api.llama.fi, https://bridges.llama.fi, https://stablecoins.llama.fi) and the recipes show the agent parsing that external JSON to filter/sort/select yield pools and protocol actions, so untrusted third‑party content from those open APIs is consumed and can materially influence decisions.