tushare-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and ingest open/public third‑party content (e.g., news, announcements, research_report, major_news, anns_d, irm_qa_sh/irm_qa_sz endpoints listed in references/数据接口.md) as part of required workflows in SKILL.md (see the "公告 / 新闻 / 研报 / 政策" workflow), meaning untrusted external content is read and used to drive conclusions and next actions and could carry indirect prompt injections.