claw-screener

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches public third-party data (SEC EDGAR and Yahoo Finance) — see "Data Sources" in SKILL.md and runtime code in src/analyze.ts (SECClient and yahoo-finance2 calls) and src/compoundingMachine.ts (yahoo-finance2 fundamentals/historical calls) — and ingests that untrusted web content to compute scores and drive screening/filter decisions, so external page/content could indirectly influence agent behavior.