clawshire-annual-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Flagged because the skill explicitly accepts arbitrary public URLs (see SKILL.md "工作流 3：按公告链接查询年报" and scripts/clawshire_annual_client.py's cmd_met_link which calls GET /api/v1/met_link?met_link=), causing the service to fetch/scrape untrusted third‑party webpage content and return extracted fields that the agent consumes and can materially influence subsequent analysis or actions.