qmt-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow repeatedly instructs the agent to fetch and ingest public third‑party market data (e.g., xtdata.download_history_data, xtdata.subscribe_quote, ContextInfo.get_market_data_ex and get_full_tick) and references external knowledge URLs (https://dict.thinktrader.net, https://xuntou.net), and that external data is used to drive trading decisions (orders/passorder), so untrusted third‑party content can materially influence tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The skill is explicitly a trading strategy / execution docs for the QMT live-trading system: it includes a "交易 API" (order placement and query functions), a live-trading guide, and concrete order-calling code (e.g., "下单买入" with passorder(...)). Those are specific market-order / execution APIs intended to move money/assets, so it grants direct financial execution capability.