company-valuation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly pulls live, public third‑party data (e.g., SKILL.md Step 3’s use of yfinance: t = yf.Ticker(TICKER) and the peer loop yf.Ticker(p).info, plus references/wacc_erp_rates.md’s live ^TNX fetch), and the agent is required to read and act on that external Yahoo Finance/market data as part of its valuation workflow, so untrusted third‑party content can materially influence decisions.