alphaear-reporter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to fetch and use live, open-web content (including social media/news) — e.g., scripts/prompts/fin_agent.py requires calling web_search or fetch_news_content and scripts/tools/toolkits.py (NewsToolkit/ SearchToolkit) plus scripts/utils/content_extractor.py perform live scraping of arbitrary external URLs (weibo, zhihu, v2ex, public news sites), which the agent must read and which directly drive forecasts, ISQ scores, and downstream actions, exposing it to untrusted third‑party content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's ContentExtractor uses the Jina Reader endpoint (https://r.jina.ai/) at runtime to fetch arbitrary webpage content which is then injected into agent/tool outputs and LLM prompts for analysis, so remote content can directly control model inputs.