defi-security-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs the agent to fetch and ingest untrusted public content (web searches, DeFiLlama API, GoPlus API, Etherscan/Solana Explorer and protocol websites) and to use those findings to compute triage scores and drive follow-up actions, so it is exposed to indirect prompt-injection risk.