company-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches open/public third‑party content (Yahoo Finance via query2.finance.yahoo.com, SEC EDGAR companyfacts, and Alpha Vantage) in fetch_data.sh and then injects that untrusted data (including free‑text company profiles and financial fields) directly into prompts in run-framework.sh/analyze-pipeline.sh, so external web content can materially influence LLM decisions and downstream tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill fetches remote financial data at runtime and injects it directly into LLM prompts (e.g., https://query2.finance.yahoo.com, https://data.sec.gov/api/xbrl/companyfacts/CIK${CIK}.json, and https://www.alphavantage.co/query), so these live external endpoints are required dependencies whose returned content directly controls the model's prompt context and thus the agent's outputs.