yfinance-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill’s SKILL.md and references/api_reference.md explicitly instruct the agent to fetch and parse data from Yahoo Finance via the yfinance library (e.g., ticker.info, ticker.news, yf.download), which ingests public third‑party content that the agent is expected to read and act on and therefore could carry indirect prompt-injection instructions.