stock-analysis-enhanced

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.72). Phase 2/3 运行时会把“当日公告/个股新闻/研报”等 OUTSIDER 文本通过 akshare 抓取后写入 HTML/JS（如 stock_full_report.py 的 ak.stock_news_em、ak.stock_notice_report、ak.stock_research_report_em → data.blocks → Phase 3 注入 LLM 上下文用于生成页面内容），属于公共/第三方来源的自由文本进入上下文的间接提示注入风险。

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes an .mcp.json runtime configuration that runs npx to fetch and execute remote MCP server packages (e.g., "npx -y @zhipu-ai/mcp-server" and "npx -y @tavily/mcp-server"), which downloads and runs remote npm code at runtime and is required for Phase 2 searches, so it is a runtime external dependency that executes remote code.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)