industry-board-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and references/data-queries.md explicitly instruct running shared scripts/views that fetch market data from public third-party sources (e.g., 东方财富 via stock_board_industry_name_em, 同花顺/ths via stock_board_industry_index_ths/stock_fund_flow_industry, AKShare/巨潮资讯), and the agent is expected to read and act on that external data to generate signals and decisions—exposing it to untrusted web content that could carry indirect prompt-injection vectors.