trading-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md "Research" workflow explicitly uses web_search and web_fetch to find and extract logic from public tutorials/PDFs on the web, which the agent ingests and codifies into trading code, so untrusted third‑party content can directly influence its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime web_search/web_fetch to retrieve arbitrary external web pages/PDFs whose contents are extracted and used to generate prompts and produce executable Python strategy code, so the external URLs fetched at runtime (flagged: arbitrary URLs retrieved via web_fetch — no specific static URL provided) directly control the agent.