buyback-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow and references/data-queries.md explicitly instruct running ../findata-toolkit scripts (e.g., ../findata-toolkit/scripts/sec_edgar.py and stock_data.py) to fetch SEC EDGAR filings and other public market data from open third‑party websites, which the agent is expected to read and which materially influence analysis and actions.