swap-status

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to query public RPC endpoints (Step 2) and run cast receipt / cast run (Steps 3–5) or ethers.js provider calls to fetch on-chain receipts and decode revert reasons—these are public, user-submitted on-chain data (potentially arbitrary/untrusted) that the agent parses and uses to decide next actions, so it exposes the agent to untrusted third‑party content.