btc-bottom-model

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Execution Steps explicitly require calling the public API https://brief.day1global.xyz/api/btc-score (with public fallbacks like Glassnode, alternative.me, CoinGlass, etc.) to ingest pre-calculated indicator values, composite scores, and action suggestions which the agent must read and use to produce buy/sell recommendations, so untrusted third-party content can directly influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill mandates a runtime call to https://brief.day1global.xyz/api/btc-score which returns pre-calculated scores, indicator data, and a suggestion used directly to populate and control the agent's report, so this external endpoint is a required runtime dependency that directly governs the agent's outputs.