sparkscan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill issues commands to the public Sparkscan API (base URL https://api.sparkscan.io) to fetch address, token, and transaction JSON (including user-provided token metadata and icon URLs) which the agent is instructed to read and use to drive follow-up actions (e.g., pick transactions/tokens to inspect), so untrusted third-party content can influence tool use.