security-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to call the public GoPlus API (e.g., GET /token_security/{chain_id}?contract_addresses=..., GET /phishing_site?url=...) using user-supplied contract addresses and URLs and to interpret those responses to decide risk levels and follow-up actions, exposing it to untrusted third-party content.