onchain-data-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill clearly fetches and ingests untrusted, user-submitted on-chain data (contract source code, ABIs, transactions, token transfers, gas data) from public Etherscan-like APIs and explorers (e.g., get_contract_source in scripts/contract_analyzer.py and the various CHAIN_CONFIG api_url endpoints in scripts/etherscan_*.py and gas_tracker.py) and uses that content to drive analysis, risk scores, and recommendations, so third-party content could materially influence the agent's decisions and enable indirect prompt injection.