The Agent Skills Directory

[Data Exposure & Exfiltration] (SAFE): The scripts do not access sensitive local directories (~/.ssh, ~/.aws) or environment files. Data fetching is performed via the ccxt library to public exchange APIs for OHLCV (price/volume) data, which does not require authentication for the endpoints used.
[Unverifiable Dependencies] (SAFE): The requirements.txt file specifies well-known, high-repute packages from the Python Package Index (PyPI), including ccxt, pandas, and plotly.
[Indirect Prompt Injection] (LOW): The skill's primary function is to translate natural language trading ideas into technical parameters. While this involves processing untrusted user input to influence tool behavior, the implementation provided uses structured logic for indicator calculation rather than arbitrary code execution from user strings.
[Command Execution] (SAFE): No evidence of os.system, subprocess.run with unsanitized inputs, or hidden shell commands was found in the provided Python scripts.
[Obfuscation] (SAFE): All source code is provided in cleartext. There are no Base64-encoded payloads, zero-width characters, or homoglyph-based evasion techniques.

crypto-backtest