tushare

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and reference docs show runtime use of the Tushare API (e.g., SKILL.md quickstart pro = ts.pro_api(...) and the listed interfaces such as "news" (references/大模型语料专题数据/新闻快讯(短讯).md), research_report, 上证/深证互动问答 and announcement endpoints) which fetch public/untrusted third‑party content (news, social Q&A, announcements, crawled realtime ticks) that the agent is expected to read and that could materially influence decisions or subsequent actions.