institutional-flow-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches institutional-holder and profile data from the public Financial Modeling Prep (FMP) API (see SKILL.md "Required: FMP API Key" and scripts/analyze_single_stock.py get_institutional_holders), ingests that third‑party SEC/13F aggregation data as part of its workflow, and uses it to generate signals and trading decisions—so untrusted external content can materially influence agent actions.