stock-watcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's scripts (notably scripts/add_stock.py and scripts/summarize_performance.py) directly fetch and parse pages from the public site https://stockpage.10jqka.com.cn/{stock_code}/ and then use that parsed content (stock names and performance data) as part of their workflow, so untrusted third-party page content can influence the agent's actions and outputs.