tushare-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's research/announcement workflow (see reference/research-notes-pdf.md and the client tools like research_report and anns in reference/tool-index.md) explicitly instructs fetching and locally parsing external PDF links and public news/announcements from Tushare/Tushare-pro (public websites), so the agent will read and act on untrusted third‑party content (external PDFs, news, company announcements) as part of its normal workflow.