chain-ecosystem

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly calls public DefiLlama endpoints (e.g., defillama:resolve_entity, defillama:get_chain_metrics, defillama:get_protocol_metrics, defillama:get_bridge_flows, defillama:get_stablecoin_supply, defillama:get_user_activity) to fetch third-party chain/protocol data that the agent reads and uses to drive analysis and decisions, exposing it to untrusted external content that could indirectly influence behavior.