tokenmist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill calls the public Tokenomist API (BASE_URL=https://api.tokenomist.ai) via proxied_get in tools/client.py and consumes that JSON in the tool wrappers (e.g., tools/tokenmist_tools.py and the TokenmistTokenOverviewTool described in SKILL.md) to resolve tokens and drive downstream decisions, so external/untrusted API content can materially influence agent behavior.