whale-hunting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly states it performs a "Crude scan (Yahoo Finance)" and a "Precise drill-down (Massive API)" and the whales_hunter script consumes that external market data at runtime to decide/flag whale events, so it clearly ingests untrusted public third‑party content (Yahoo / Massive) that materially influences its actions.