kanchi-dividend-sop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's scripts (notably scripts/build_entry_signals.py) explicitly fetch live data from the public FinancialModelingPrep API (FMP_BASE_URL https://financialmodelingprep.com) and SKILL.md cites FMP/FINVIZ as input sources, and those external responses are parsed and directly drive screening, signals, and buy/entry decisions—i.e., untrusted third-party content is ingested and can materially influence actions.