stock-rt-subscribe

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and ingests runtime data from arbitrary remote Receiver nodes (STOCK_RT_NODE_URL) and an MCP service (STOCK_MCP_URL) — see scripts/subscribe_client.py (StockWSServer._fetch_batch/_fetch_latest) and scripts/ai_agent_integration.py (_mcp_call / _mcp_fetch_for_alert) — and that external content is parsed and used by AlertEngine.on_tick/_build_context to derive fields and trigger alerts, so untrusted third-party content can materially change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill makes runtime JSON-RPC calls to the hard-coded MCP endpoint http://s1.jqcloudnet.cn:8001/mcp (via _mcp_call) to invoke remote "tools/call" (e.g., tushare_daily_get_daily_data), which executes remote tools and returns content that the AlertEngine uses for enabled strategies, so this URL is a runtime dependency that can execute remote code and influence agent behavior.