alphaear-signal-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and prompts (SKILL.md and FinResearcher in references/PROMPTS.md) explicitly direct the agent to call web_search and fetch_news_content — implemented in scripts/tools/toolkits.py (NewsToolkit.fetch_news_content and SearchToolkit.web_search) which uses scripts/utils/content_extractor.extract_with_jina to fetch arbitrary public URLs/news — and that fetched, untrusted third‑party content is then used to produce and update InvestmentSignal outputs that drive decisions, so the agent is exposed to untrusted web content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill calls Jina Reader at runtime (JINA_BASE_URL = "https://r.jina.ai/") to fetch/extract webpage content which is then returned via fetch_news_content and injected into the agents' research/analysis prompts, meaning remote content from https://r.jina.ai/ can directly influence agent instructions and outputs.