stock-portfolio

Warn

Audited by Snyk on Mar 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill directly ingests public third-party market/news data via the yahoo_client (e.g., scripts like forecast.py: "推定利回り算出中(アナリスト目標・ニュース・センチメント取得)..." and multiple modules calling yahoo_client.get_stock_info/get_price_history/get_macro_indicators). Those external news/sentiment/price feeds are used to produce alerts and concrete actions (forecast/rebalance/adjust) that materially influence decisions, creating a clear avenue for indirect prompt injection from untrusted web content.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 23, 2026, 01:31 AM
Issues: 1