swap-planner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests untrusted, public third-party content (e.g., api.dexscreener.com, api.geckoterminal.com, api.coingecko.com, tokens.pancakeswap.finance, pancakeswap.ai, and WebSearch) as required steps in the workflow to discover/verify tokens and price data, and those results are used to decide routing, warnings, and to build deep links—so external content can materially influence agent decisions.