fetch-source

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md and scripts/fetch_sources.sh) explicitly fetches and saves contract source code from public third-party sites Sourcify (https://sourcify.dev) and Etherscan (https://api.etherscan.io), which are user-published/untrusted sources that the agent is expected to read and analyze as part of its audit workflow, so those remote contents could influence subsequent actions.