blockscout-openapi-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs the agent to link and query public Blockscout hosts (e.g., https://eth.blockscout.com/api/v2 and relinkable hosts like https://optimism.blockscout.com/api/v2) and to fetch a curated OpenAPI schema from raw.githubusercontent.com, and the workflow requires the agent to read and interpret JSON responses from those external APIs—untrusted public content that could influence subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs using the --schema-url https://raw.githubusercontent.com/holon-run/uxc/main/skills/blockscout-openapi-skill/references/blockscout-v2.openapi.json at runtime (uxc link / --schema-url), and that fetched OpenAPI schema is a required dependency used to drive available operations and thus directly shapes agent prompts/instructions.