rootdata-crypto-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly calls a public third-party API (api.rootdata.com) in SKILL.md — e.g., POST https://api.rootdata.com/open/okx/skill/get_item, get_fac, hot_index — and ingests/displayes external public/news/social content (source_url/rootdataurl and free-form descriptions) that the agent is expected to read and use in its workflow, which could carry untrusted instructions for indirect prompt injection.