stock-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill fetches live price data from the public Yahoo Finance API via yfinance (see scripts/main.py _fetch_data, requirements.txt, and SKILL.md which states "Relies on Yahoo Finance"), and that untrusted third‑party data is directly read and interpreted to compute indicators and generate buy/sell signals and reports—so external webpage/data content can materially influence the agent's decisions.