@1826/nigeria-p2p-arb
Warn
Audited by Snyk on Mar 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly fetches live public P2P rates (e.g., Step 1: https://p2p.army and Quidax via web search), calls external price and forex sources (Step 2: coin_price and forex/CBN search), and runs web_search for regulatory news (Step 4). All of these are untrusted public content that the agent must read and use to compute spreads and make action recommendations, which enables indirect prompt injection via those sources.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).