yfinance

Fail

Audited by Snyk on Feb 24, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). The instructions require running a remote shell script (astral.sh/uv/install.sh) and cloning an unvetted personal GitHub repo (rizkydwicmt/yfinance-mcp-server) — running fetched .sh files and installing code from an unknown user are common malware distribution vectors, so this combination is high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's tools (e.g., src/yfinance_mcp/tools/search.py get_news and multiple ticker tools) call yfinance.Ticker and ingest news, summaries, ticker.info and screener results from Yahoo Finance/public sources (exposed in SKILL.md and CLAUDE.md), which are untrusted third-party content that the agent is expected to read and can materially influence decisions or follow-up actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt includes installation steps that modify system-wide locations (mcporter config under /etc, /opt paths), runs an installer (curl | sh) and copies skill files into system directories: actions that change machine state and may require elevated privileges even though it doesn't explicitly tell the agent to escalate.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 24, 2026, 01:24 PM