tase-stock-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches live, public TASE/Maya content (e.g., via scripts/fetch_tase_data.py and the MCP tools like tase_get_maya_announcements and TASE API endpoints such as https://openapigw.tase.co.il and https://maya.tase.co.il) as a required part of its workflow and then interprets and acts on that data to drive analysis and recommendations, exposing the agent to untrusted third‑party content that could indirectly inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill requires installing and running the TASE MCP server via "npx github:skills-il/tase-mcp" (https://github.com/skills-il/tase-mcp), which fetches and executes remote code as a required dependency for live data access.