financial-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests untrusted public content — e.g., scanning RSS feeds via scripts/rss_feeds.py and Seeking Alpha RSS, querying ApeWisdom (Reddit) and StockTwits, Finnhub/AlphaVantage news endpoints, and SEC/third‑party APIs (see SKILL.md workflows and scripts/data_fetchers.py) — and then reads/interprets that content to compute sentiment/sub-scores and drive scanner/deep-dive decisions (composite score, ranking, entry/exit recommendations), so third‑party content can materially influence tool behavior.