akshare-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation and CLI explicitly call akshare functions that scrape and ingest data from many open public websites (e.g., references/* target URLs such as eastmoney, sina, jisilu, chinamoney, policyuncertainty, and other news/article endpoints shown in SKILL.md and the references files), so the agent will read and act on untrusted third‑party content as part of its workflow.