news-sentiment
Warn
Audited by Snyk on Mar 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's main script (scripts/news.py) explicitly scrapes public third-party sites: search_news fetches and parses articles from Sina Finance (vip.stock.finance.sina.com.cn, with article pages retrieved via _fetch_article_content), and search_social uses snscrape to ingest Twitter and Reddit posts. This is untrusted, user-generated or open-web content that the agent parses and uses (including for sentiment analysis) to produce outputs and drive behavior.