market-breadth-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's main workflow and code (SKILL.md Execution Workflow and scripts/csv_client.py) explicitly fetch publicly hosted CSVs from TraderMonty's GitHub Pages (e.g., https://tradermonty.github.io/market-breadth-analysis/market_breadth_data.csv and market_breadth_summary.csv), parse that untrusted third‑party content as input to the component calculators, and use the resulting values to compute the composite score and recommended equity actions — meaning external content can materially influence decisions.