rq-earnings-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches public announcement PDFs via scripts/extract_announcements.py (using announcement_link URLs) and permits/encourages using web_search (references/web_search.md and SKILL.md) to pull public news, and the workflow (SKILL.md step 4.5 and generate_report.py) requires the current LLM to read those raw_sections/web_search_findings and inject summaries that are then used to drive report conclusions—i.e., untrusted third‑party web content is ingested and can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The extract_announcements.py script fetches remote announcement URLs at runtime (e.g., announcement_link values such as PDFs from static.sse.com.cn) and the extracted text is written into announcement_extracts.json and then consumed by the current LLM to produce summaries, which means externally-hosted content is injected into the agent's model context and can directly influence its prompts/outputs.