debank
Warn
Audited by Snyk on Feb 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the DeBank OpenAPI (e.g., SKILL.md endpoints like GET /user/all_token_list and GET /user/history_list) to fetch public wallet, token, protocol, and transaction data which the agent is instructed to read and act on, exposing it to untrusted third-party/user-generated content.
Audit Metadata