market-top-detector

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (Phase 1 in SKILL.md and the market_top_detector.py/breadth_csv_client.py) explicitly auto-fetches a public TraderMonty GitHub Pages CSV (https://tradermonty.github.io/...) and requires WebSearch of open sites (S&P 50DMA, CBOE put/call, barchart, etc.), and that third‑party content is parsed and used to compute component scores and recommendations — meeting the criteria for untrusted, user‑generated public content that can materially influence actions.