Skills
skills/yuping322/finskills/dragon-tiger-list-analyzer/Snyk

dragon-tiger-list-analyzer

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow and data-fetch steps (references/data-queries.md and references/methodology.md) instruct running shared scripts that fetch/ingest public third-party sources (AKShare, Sina, 东方财富/eastmoney and fallback webpage URLs like http://data.eastmoney.com/stock/lhb.html and http://data.10jqka.com.cn/market/longhu/), meaning the agent will read and act on untrusted public web content as part of its analysis.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 10, 2026, 03:23 AM