a-share-paper-trading

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's MarketDataProvider (scripts/paper_trading/market_data.py) fetches realtime/history quotes from public third-party web APIs (e.g., TENCENT_QUOTE_URL, SINA_KLINE_URL, akshare) and the core engine (scripts/paper_trading/engine.py and the service that instantiates it) directly reads and uses that untrusted data to decide order fills, backtests, and processing, so remote content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. This skill is explicitly a trading service (A股模拟盘) with built-in financial operations: CLI commands and HTTP endpoints to create/reset accounts, add-cash / deduct-cash, and place/cancel orders (buy/sell, limit and market orders). It exposes POST /orders and POST /accounts/{account_id}/cash-adjust and enforces trading rules (T+1, min lot size, price ticks, trading hours). Although it's a paper/simulated environment, the skill's primary and explicit purpose is executing market/limit orders and adjusting account cash programmatically—i.e., direct financial execution (market orders, cash adjustments).