a-fund-monitor

Warn

Audited by Snyk on May 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (risk score 0.85, high). Runtime path: scripts/monitor.sh uses curl to fetch free-form JSON/JS text from public third-party endpoints (http://fundgz.1234567.com.cn/js/${code}.js and http://api.fund.eastmoney.com/f10/lsjz?...), then parses the responses and embeds the extracted fields into REPORT/BRIEF, which are passed as plaintext to python3 ~/clawd/scripts/newsbot_send.py "$(echo -e "$REPORT")". Outsider-authored web content can therefore flow, unsanitized, into the LLM context through the agent's message/prompting pipeline.

Issues (1)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 28, 2026, 04:42 AM
Issues: 1
Security Audit — snyk — a-fund-monitor