stress-test

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The script (scripts/run_stress_test.py) calls src.data.yahoo_client.get_stock_info and get_price_history to load stock and macro-factor data from public sources (e.g., Yahoo Finance), and that fetched third‑party content is printed, included in the JSON dump, and used to drive scenario analyses and LLM-generated recommendations—so untrusted web content is read and can materially influence decisions.