zerion-wallet-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and interpret live data from the public Zerion API (e.g., "mp x402 request --url https://api.zerion.io/v1/..." and wallet/transactions/nft endpoints), which returns user-generated on-chain/transaction data that the agent is expected to read and use to drive decisions and analyses, exposing it to possible indirect prompt injection via untrusted third‑party content.