alphaear-predictor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs agents to fetch and use web news/search results as core inputs—e.g., scripts/prompts/fin_agent.py requires calling web_search or fetch_news_content, scripts/prompts/trend_agent.py requires using news_toolkit/search_toolkit to collect internet news, and SKILL.md / references/PROMPTS.md mandate using "Latest Intelligence/News Context" to adjust Kronos forecasts—therefore untrusted third‑party content from public web sources is ingested and can directly change predictions and actions.