ton-balance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflows call tools like get_transactions, get_transaction_status, get_jetton_info, and get_known_jettons to read public TON blockchain data (transactions and token metadata) which is user-generated/untrusted and could contain crafted messages or metadata that influence the agent's subsequent actions.