tushare

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask the user for missing secrets (TUSHARE_PROXY_TOKEN/TUSHARE_PROXY_URL) and then directly write them into a file as "KEY=value" and inject them into the process environment, which requires the model to handle and embed secret values verbatim (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to call Tushare APIs (pro.xxx) and fetch public third‑party data (e.g., "news", "research_report", "anns_d" / company announcements, "irm_qa_sh"/"irm_qa_sz" interactive Q&A, 东方财富/同花顺 hotlists shown in the references) which are untrusted/public user‑generated sources that the agent will read and act on as part of its workflow, enabling indirect prompt injection.