financial-market-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The MCP config embeds an API key placeholder directly into command-line args/headers ("x-api-key", "CRAFTED_API_KEY"), which implies the agent must insert and output the secret verbatim (an API key passed as a CLI/header), creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (rules/logic.md step 3: "Analyze News: Scrape latest news sentiment") and SKILL.md's description (using Yahoo Finance and Google Serper to synthesize raw market news) show the agent fetches and ingests open web news/search results and uses that untrusted third‑party content to determine Buy/Hold/Sell ratings, so external content can materially influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The MCP configuration passes the runtime SSE endpoint http://bore.pub:44876/api/v1/mcp/project/1b8245e7-a24f-4cc1-989e-61748bfdab7f/sse (with the CRAFTED_API_KEY) to mcp-proxy, which indicates the agent relies on that external server at runtime to drive analysis/instructions, so remote content can directly control the agent's behavior.