analyst-common-stock

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's mandatory workflow (SKILL.md "웹검색 도구 직접 호출 필수" and the web-search and "원문 인용 규칙" sections) requires the agent to fetch and copy original text from open/public third‑party sites (e.g., finance.naver.com, finance.yahoo.com, SeekingAlpha, news sites) and use those texts to drive verification and decision logic, exposing it to untrusted third‑party content that could carry indirect prompt injection.