canslim-screener

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public third‑party data—e.g., FinancialModelingPrep API endpoints (including /stock_news and /institutional-holder) and Finviz web scraping via finviz_stock_client.py—and the agent parses and uses that external news, ownership, and price content as part of its CANSLIM scoring, thus exposing it to untrusted public web content that could carry indirect prompt injection.