financial-deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Phase 3 "RETRIEVE" and related workflows explicitly launch WebSearch and Task tool calls to fetch and ingest content from open/public websites (e.g., SEC EDGAR, Bloomberg/Reuters, Seeking Alpha, company IR pages and arbitrary URLs) which the agent is expected to read, verify, and synthesize—so it consumes untrusted third‑party content that could carry indirect prompt injections.