findata-toolkit-us

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses live public web content from third-party sources—e.g., yfinance/Yahoo Finance in scripts/stock_data.py and factor_screener.py, SEC EDGAR JSON/XML in scripts/sec_edgar.py, and FRED via pandas_datareader in scripts/macro_data.py—and directly uses that untrusted data to compute screens, scores, and decision-driving analyses, so external content can materially influence agent behavior.