extract-blockchain-media

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary on‑chain, user‑generated content from public gateways (e.g., ORDFS URLs like https://ordfs.network/... and https://api.1sat.app/... shown in SKILL.md) and the scripts invoke txex to download transaction contents (scripts/extract.ts), so the agent will read/interpret untrusted third‑party content (including text/JSON/Markdown) as part of its workflow, which could contain instructions that influence subsequent actions.