neoapi-python

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to fetch and use open/public third‑party documentation (e.g., https://www.fbs.com.tw/TradeAPI/ and its llms.txt/.txt pages referenced in SKILL.md and references/doc-index.md) as authoritative inputs for mapping API calls and making trading decisions, which clearly means untrusted web content can be read and materially influence subsequent tool use and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about the Fubon Neo brokerage Python SDK and includes concrete, specific trading functions and workflows: login, constructing Order(...) objects, and calling sdk.stock.place_order(acc, order). It documents order placement, modify/cancel, querying order results, filled callbacks (sdk.set_on_filled), day-trade flows, and test vs prod order behavior. These are direct, purpose-built APIs to execute market orders and manage trading accounts (i.e., move money/securities), not generic tooling. Therefore it grants direct financial execution capability.