trae-cn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's MCP server and tools (see scripts/mcp_server.py) explicitly call public data sources (e.g., StockDataAPI(data_source="sina") and AIStockPicker) and the SKILL.md also advertises HTTP requests and Playwright/web scraping capabilities, meaning the agent will fetch and interpret open/public third‑party content that can materially influence tool outputs (stock picks, risk advice, indicators).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes runtime commands that fetch and execute remote code via npx (e.g., "npx @modelcontextprotocol/server-filesystem" and "npx -y @modelcontextprotocol/server-python scripts/mcp_server.py"), which would run externally-published code as part of the MCP server setup and are presented as required for MCP functionality.