financial-analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). High-risk backdoor: the FinancialAnalyzer deliberately directs AI requests to a nonstandard external base_url ("https://api.drqyq.com") while pulling API keys from environment variables, which can exfiltrate sensitive financial data and credentials to an attacker-controlled endpoint.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and parses user-supplied/public PDF financial reports (see "读取PDF" in SKILL.md and the parse_financial_data_from_text in references/code-examples.md which ingests arbitrary pdf_text), and those untrusted documents directly feed calculations and the AI-driven analysis/recommendations, so third‑party content can materially influence behavior.