tushare-finance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the public Tushare Pro API and its bundled reference docs (e.g., reference/接口文档/上市公司公告.md and reference/接口文档/上证e互动问答.md) show endpoints that fetch public/user-generated announcements and Q&A which the SKILL.md/usage steps instruct the agent to retrieve and interpret as part of its workflow, so untrusted third‑party content could influence actions.