signa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The required workflow includes calling SIGNA endpoints like GET /api/agents/<address>/inbox?limit=20, which ingests free-form inbox body text authored by other agents (outsider-authored) into the agent’s LLM context as readable message content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to https://www.signaagent.xyz (notably POST /api/brain and GET /api/capabilities/invoke), whose returned "brain"/"plan" and capability outputs are intended to direct agent actions and thus can directly control prompts/instructions at runtime.