mega-audit
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Step 3 and the included how-to-get-source-code.md) explicitly instructs the agent to fetch and ingest verified smart contract source code from public blockchain explorers and services (Etherscan/Arbiscan/Basescan via API or forge clone, Sourcify, Blockscout, and related HTTP/API calls), which are untrusted third-party sources whose content the agent reads and uses to drive auditing tools and decisions, enabling potential indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The mega-audit pipeline explicitly requires checking out and running the Archethect sc-auditor repository (https://github.com/Archethect/sc-auditor), a TypeScript MCP server that the skill instructs the agent to install and execute (npm install / node ...). Remote code is therefore fetched and run at runtime, and that repository is a required dependency.
Audit Metadata