stock-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill calls src.data.yahoo_client.get_stock_detail / get_stock_info (fetching public Yahoo-finance-style data) and may call src.data.graph_query.get_industry_research_for_sector (Neo4j-backed industry summaries), then directly reads and uses those external summaries/fields to compute scores, verdicts, and textual report sections, so untrusted public content can materially influence outputs and decisions.