yfinance-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches public third-party data from Yahoo Finance via yfinance (e.g., SKILL.md and references/api_reference.md show calls like ticker.news and ticker.info) and the workflow directs the agent to read and use that untrusted news/summary/analyst content to drive analysis, highlights, and recommendations, so external content could indirectly inject instructions or alter actions.