alphaear-reporter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to fetch and ingest open web and social media content (e.g., NewsToolkit.fetch_hot_news and fetch_news_content which call ContentExtractor.extract_with_jina, SearchToolkit.web_search, and Trend/Fin researcher prompts requiring web_search/news content) and then requires the agent to read and base analysis on that untrusted, user-generated third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's ContentExtractor uses the Jina Reader proxy (JINA_BASE_URL = "https://r.jina.ai/") to fetch arbitrary webpage content at runtime (via extract_with_jina / NewsToolkit.fetch_news_content), and that fetched content is injected into agent tool outputs and prompt context—meaning external URLs like https://r.jina.ai/ (and the target pages it proxies) can directly control model prompts.