maoquant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches market data from an open third-party HTTP API (FaceCat) — see catquant/facecat.py and data_engine.get_history (used by the mandatory Step 0 check_available/get_history in SKILL.md), and that externally-fetched data is read and used to drive backtests and decisions, so untrusted remote content can materially influence agent behavior.