trend-stock-research
Warn
Audited by Snyk on Jun 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Step 2’s runtime workflow fans out subagents to read outsider-authored free text from public paywalled journalism (e.g., Seeking Alpha/WSJ/FT) via browser tools that ingest
document.body.innerTextinto the agent context, creating an indirect prompt-injection surface.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read paywalled articles at runtime (example: chrome-use open "https://www.ft.com/content/" then evaluate document.body.innerText), meaning external content from https://www.ft.com/content/ is fetched during execution and injected into/substantively controls subagent prompts and analysis.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt explicitly instructs the agent to drive the user's real Chrome (via chrome-use / browser tools) and rely on a "bypass-paywalls-chrome" extension to read paywalled content (i.e., bypass an access control), and it also directs running local scripts and writing to local CSV/DB files — so it instructs actions that bypass security boundaries and modify local state, though it does not request sudo or system-level config changes.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata