uzi-skill-stock-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's fetch_*.py modules and "Data Source Fallback Chain" explicitly pull data from open public sites (东方财富/eastmoney, 雪球/xueqiu, akshare, yfinance, DuckDuckGo, etc.), and the mandatory requires the agent to read and interpret that untrusted third‑party content to form investor judgments and drive downstream report/decision actions, so external web content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs at runtime to clone and follow/install from the remote repository (e.g. git clone https://github.com/wbh604/UZI-Skill and fetch https://raw.githubusercontent.com/wbh604/UZI-Skill/main/.codex/INSTALL.md), which downloads and/or runs remote code or remote installation instructions that directly control agent behavior and are required to use the skill.