ct-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and synthesize open/public third‑party content — e.g., user-generated KOL tweets via GET /tweets/feed and /twitter/realtime, public news/RSS via GET /info/feed, and public Binance/CoinGecko endpoints — and to use those untrusted sources to drive alerts, trading suggestions, and automated actions, which clearly allows indirect prompt injection via third‑party content.