financial-health

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Data Fetching Process explicitly requires fetching and ingesting open/public third‑party content (e.g., the SEC XBRL facts JSON at https://data.sec.gov/api/xbrl/companyfacts/..., pages on https://stockanalysis.com/, https://www.gurufocus.com/, and WebSearch results for debt maturity/credit ratings) and uses that content as required input to compute ratios and drive credit/debt decisions, so untrusted third‑party content could materially influence the agent's analysis and actions.