nodit-openapi-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires network access to the public Nodit API at https://web3.nodit.io (and to the hosted OpenAPI schema at https://raw.githubusercontent.com) and its SKILL.md workflow instructs the agent to call and parse JSON responses (notably post:/v1/multichain/lookupEntities) which are used to decide follow-up reads and operations, so untrusted third-party content can directly influence tool use and next actions.