finance
Warn
Audited by Snyk on Feb 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's Finance_API_Doc.md explicitly directs the agent to fetch external market news (/v1/markets/news, /v2/markets/news) and public company data/filings (various /v1/markets/stock/modules endpoints) via the gateway, which the agent is expected to read and use for analysis and decision-making, exposing it to untrusted third-party content.
Audit Metadata