analyzing-market-sentiment
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The file 'references/implementation.md' contains explicit instructions for the agent to use the 'Read' tool to access 'config/crypto-apis.env', a sensitive file path that likely contains API credentials.
- [COMMAND_EXECUTION]: The script 'scripts/news_sentiment.py' performs dynamic code loading by modifying 'sys.path' at runtime to import a module ('NewsAggregator') from a sibling directory located five levels above the script's origin.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its news analysis feature. It ingests data from external RSS feeds and presents it to the agent without sufficient isolation.
  - Ingestion points: 'scripts/news_sentiment.py' fetches content from CoinTelegraph, CoinDesk, and Decrypt.
  - Boundary markers: There are no explicit markers or instructions to the LLM to ignore embedded commands within the fetched news headlines.
  - Capability inventory: The skill is granted access to the 'Bash' tool to execute its analysis scripts.
  - Sanitization: The script uses basic regular expressions to strip HTML tags and truncates headlines in its tabular output, but does not sanitize against malicious natural language instructions.
- [EXTERNAL_DOWNLOADS]: The skill makes several network requests to external domains to gather market data and news. It targets well-known services including Alternative.me (for the Fear & Greed Index) and CoinGecko (for price and volume metrics).