defi-portfolio-scanner
Warn
Audited by Snyk on Apr 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill directly fetches and parses data from multiple public third‑party APIs (e.g., Bitflow: https://bff.bitflowapis.finance/api/app/v1/pools, ALEX: https://api.alexlab.co/v1/pool_tokens/balances/, Styx: https://app.styxfinance.com/api, Hiro: https://api.hiro.so/..., and CoinGecko) and ingests that untrusted, user/account-derived content into its scan/summary workflows to compute risk scores and emit signals that materially affect downstream decisions.