macro-intelligence

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests public third‑party content (NewsNow, Polymarket, Telegram groups via Telethon, 6551.io OpenNews REST/WS, Finnhub, FRED, CoinGecko, Fear & Greed) — see SKILL.md and functions like fetch_news_headlines, fetch_polymarket_signals, _telethon_monitor, fetch_opennews_rest, fetch_finnhub_news, fetch_fred_indicators in macro_news.py — and the pipeline (process_signal, classify_text, _llm_classify, _generate_insight) interprets that untrusted/user-generated content to produce signals, magnitudes, and LLM-driven actions exposed via the API, so third‑party content can materially influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill fetches external article text at runtime from https://ai.6551.io/open/free_hot?category=news (OPENNEWS REST) which is then injected into the LLM prompts/insight-generation pipeline (Anthropic calls), so remote content can directly control model input.