tushare

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and reference docs explicitly instruct the agent to call pro.xxx (e.g., endpoints like "news", "research_report", "anns_d", "irm_qa_sh/irm_qa_sz", "dc_hot/ths_hot" which pull public news, research reports, exchange announcements and app hotlists) to fetch open/public third‑party and user‑generated content that the agent is expected to read and could materially influence its decisions or actions.