finance-stream-fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/request.js) POST the user's prompt to an external SSE endpoint (DEFAULT_API_URL http://aliceexp.wind.com.cn/Weaver/ChatAgent; the portal aimarket.wind.com.cn is also referenced in SKILL.md), parse streamed events including agentResult.value, and use those third‑party responses to form the agent's output—so untrusted external content can directly influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime POST fetches user prompts to http://aliceexp.wind.com.cn/Weaver/ChatAgent (DEFAULT_API_URL) and streams back SSE events whose agentResult.value are parsed and emitted for the agent to use, so the external server directly controls the content injected into the agent's responses.