blave-quant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's fetch_news command (src/googlenews_fetch.py and referenced in SKILL.md/main.py) uses the GoogleNews library to retrieve public news articles from the open web that the agent is expected to read for analysis/strategy signals, which could materially influence trading decisions and thus enable indirect prompt injection from untrusted third‑party content.