pipes-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and parsing ABIs and dataset pages from public block explorers and the Portal (e.g., ABI_GUIDE.md shows WebFetch calls to https://api.etherscan.io and https://api.basescan.org and RESEARCH_CHECKLIST.md / ABI_GUIDE.md tell the user to visit Etherscan to extract implementation ABIs), so the agent is required to ingest untrusted, user-generated third‑party web content that can change tool behavior (which ABI is used, which events are decoded).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly shows runtime WebFetch calls that fetch ABIs from block-explorer APIs (e.g., https://api.etherscan.io/api?module=contract&action=getabi&address=${address} and https://api.basescan.org/api?module=contract&action=getabi&address=${address}), which are fetched at runtime and the returned ABI JSON is used to generate types/decoders that directly control how the agent/indexer processes events, so this is a required external dependency that can change runtime behavior.