finance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill directly fetches and ingests data from public third‑party sources (Yahoo Finance via yfinance in scripts/market_quote.py and scripts/market_series.py, and the ExchangeRate‑API open endpoint https://open.er-api.com in scripts/market_quote.py and providers.md), so untrusted public web content is read and used to drive outputs and decisions.