crypto-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's scripts (scripts/crypto.py) directly fetch and parse data from the public CoinGecko API (COINGECKO_BASE = "https://api.coingecko.com/api/v3", used in get_prices and search), and that untrusted third-party JSON is used by check-alerts/alert logic to decide and trigger actions, so external content can materially influence behavior.