pipes-orchestrator
Warn
Audited by Snyk on Feb 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests untrusted public content (e.g., the contracts-registry JSON at https://raw.githubusercontent.com/karelxfi/contracts-registry-llm/main/data/generated/indexes/by-address.json and ABIs via Etherscan/Basescan through the abi-manager). Those results are required inputs passed to downstream agents (schema-designer, indexer-code-writer, etc.) as part of mandatory workflows, so third-party content can materially influence tool use and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches https://raw.githubusercontent.com/karelxfi/contracts-registry-llm/main/data/generated/indexes/by-address.json with WebFetch at runtime, injecting that remote JSON into prompts for contract discovery, and requires running remote code via npx @iankressin/pipes-cli@latest, which fetches and executes a remote CLI. Both are runtime external dependencies that directly influence agent prompts or execute code.
Audit Metadata