@2004/erc-8004

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's get_agent implementation (_identity.get_agent) explicitly fetches registration files from tokenURI via public IPFS (https://ipfs.io/ipfs/...) and arbitrary http(s) URLs and exports.discover_agents and related functions read and act on those registration_file fields to filter/discover agents, so untrusted third-party content can be fetched and influence agent decisions.