eastmoney_financial_search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow sends user queries to the external Eastmoney API (https://mkapi2.dfcfs.com/finskillshub/api/claw/news-search), ingests news/研报/公告 content from public third-party sources (as shown in SKILL.md and scripts/search.py), and uses that content in its processing—so untrusted external content could influence the agent's actions.