zerion-sendai-ideas

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and interpret open/public third‑party content — e.g., WebSearch results, DefiLlama public API endpoints (https://api.llama.fi/..., https://yields.llama.fi/...), and live on‑chain data via the zerion CLI commands (zerion analyze, zerion history, zerion positions) — and uses those findings to drive idea ranking, go/no‑go decisions, and next actions, which meets the criteria for indirect prompt injection risk.