stock-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and scrapes public Eastmoney pages (e.g. https://so.eastmoney.com/Web/s?..., https://quote.eastmoney.com/..., https://data.eastmoney.com/..., guba.eastmoney.com) as required by SKILL.md and scripts/fetch_stock.py, and it reads news/announcements/forum and page fields to drive scoring and buy/sell recommendations—so untrusted third‑party content can materially influence agent decisions and enable indirect prompt injection.