tushare-plugin-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly asks the user to provide a Tushare API documentation URL (or screenshot/copied page) and instructs the agent to fetch/parse that public third-party documentation to extract API specifications, so the agent will ingest and interpret untrusted external web content.