anygen-financial-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill sends user prompts (and uploaded files) to the AnyGen API and explicitly states it uses publicly available data (e.g., Bloomberg, Yahoo Finance, company filings) and then requires the agent to read and directly present/use the prepare API's returned "reply" and "suggested_task_params"/prompt (SKILL.md phases 1–3), so untrusted third‑party content ingested server‑side can materially influence the agent's subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill makes runtime calls to the AnyGen OpenAPI at https://www.anygen.io (API_BASE) which returns suggested_task_params/reply used as prompts/instructions for the agent, and the skill requires this external service (ANYGEN_API_KEY) to function, so remote content directly controls agent prompts.