tushare
Warn
Audited by Snyk on May 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
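- Third-party content exposure detected (high risk: 0.72). At runtime, this skill's data ingestion calls Tushare's "news / interactive Q&A / announcements" interfaces and places the returned fields (such as content, q, a, reason, lu_desc) into the LLM context as readable text. This text comes from third-party public content and from user questions and replies (for example Shanghai Stock Exchange e-Interaction (上证e互动), Shenzhen Stock Exchange Hudongyi (深证互动易), news flashes, and listed-company announcements). It is free text of OUTSIDER authorship and carries an indirect prompt injection risk.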
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata