ib-portfolio-action-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and scripts/report.py explicitly fetch and incorporate public market data (e.g., "fetches earnings dates" and "earnings" / "technicals" in the JSON) and the dependencies list includes yfinance, indicating it ingests open/public third-party content (Yahoo/financial sites) which is then read and used to drive risk indicators and action recommendations in the report.