stock-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches public third-party content (news via the Market Data API's /api/data/stocks/news endpoint in SKILL.md and SEC EDGAR filings via the edgartools flow in references/sec-edgar.md), and the workflows require the agent to read and use that untrusted news/filing text (and derived sentiment) to drive analysis and recommendations, which could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and importing the third‑party Python package via "pip install edgartools" (fetched from PyPI — https://pypi.org/project/edgartools), which downloads and executes remote code at runtime and is a required dependency for the SEC EDGAR functionality.