financial-deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md Phase 3 "RETRIEVE" and related workflow explicitly require launching parallel WebSearch calls and Task agents to fetch and analyze open/public third‑party sources (e.g., SEC EDGAR, Bloomberg, Reuters, Seeking Alpha and arbitrary web queries), and those fetched pages are read and used to drive verification, synthesis, and report generation—so untrusted web content can directly influence agent decisions and tool use.