rqdata-python

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests public Ricequant documentation (e.g., scripts/cache_manager.py and document_index_converter.py fetch https://www.ricequant.com/doc/document-index.txt and cache_manager.get_document reads https://www.ricequant.com/doc/sources/rqdata/python/*.md) and SKILL.md requires the agent to read those cached API docs (e.g., reading macro-economy.md) to determine API definitions and drive subsequent code/tool actions, so open public third‑party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's cache_manager and init scripts fetch remote docs at runtime (e.g., https://www.ricequant.com/doc/document-index.txt and https://www.ricequant.com/doc/sources/rqdata/python/*.md via curl/requests) and then load those fetched markdown files into the skill's context (read_document_lines / get_api_definition) which the agent uses to build prompts/code, so these external URLs are runtime dependencies that can directly influence agent instructions.