p2p

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md workflow explicitly instructs the agent to call Binance public P2P endpoints on https://www.binance.com (e.g., /bapi/c2c/v1/public/c2c/agent/trade-methods and /ad-list) and to ingest merchant/post-created ad data and payment-method identifiers as part of its decision and ranking logic, so it consumes untrusted, user-generated third-party content that can influence subsequent actions.