glmv-stock-analyst

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Step 2/Step 3) and scripts (scripts/fetch_all.py, fetch_ir.py, etc.) explicitly fetch and ingest public third‑party content — e.g., Eastmoney APIs, cls.cn news, yfinance/akshare data and downloaded PDF research/IR pages — and instruct the agent to read/interpret those summary.json/data.json and image/PDF pages to drive analysis and recommendations, so untrusted external content can directly influence decisions and tool use.