nansen-dca-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly instructs running Nansen CLI commands (e.g., "nansen research smart-money dcas" and "nansen research token info") which pull live, open/public data from Nansen (app.nansen.ai) — untrusted third‑party blockchain/user-labeled content that the agent ingests and uses to drive analysis and decisions, so it could enable indirect prompt injection.