stock-analysis-github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Phase 2/analysis workflow explicitly instructs the AI to perform MCP web searches and read/extract web content (智谱AI/Tavily web_reader, direct URL reading and Firecrawl) for industry news, research reports and public websites (see "Phase 2: 执行MCP搜索" in SKILL.md and the "数据来源"/MCP search sections in 分析框架.md), so it clearly ingests untrusted public third-party content that can influence subsequent analysis and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's .mcp.json explicitly runs "npx -y @zhipu-ai/mcp-server" at runtime to provide MCP (zhipu) searches used directly in Phase 2 analysis (i.e., the AI reads/search results fetched by that service), which means remote npm code will be fetched and executed during skill runtime and that external package therefore directly affects the agent's runtime behavior: npx -y @zhipu-ai/mcp-server