stock-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs WebSearch for each stock (SKILL.md Step 3) and its data script (references/stock_data_fetcher.py search_news) ingests third‑party news via Tavily/SerpAPI or Claude WebSearch fallback, and those news items are used in STEP 4 to influence scoring and buy/sell decisions — so untrusted web content can materially affect agent actions.