The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill fetches external content from an untrusted source, which could be used to inject instructions into the agent's context.
Ingestion points: add_stock.py and summarize_performance.py fetch HTML content from https://stockpage.10jqka.com.cn/{stock_code}/ to extract stock names and performance indicators.
Boundary markers: None. The extracted strings (stock names and percentage changes) are printed directly to the console, where the agent reads them as part of its operational context.
Capability inventory: The skill is limited to reading/writing its own watchlist file and printing to stdout. It does not perform subprocess execution, dynamic code evaluation, or sensitive file access based on the ingested data.
Sanitization: The skill uses BeautifulSoup for HTML parsing and regular expressions for percentage extraction, which significantly restricts the types of content that can be successfully injected.
[Data Exposure & Exfiltration] (SAFE): The skill only accesses its own configuration and data files located in ~/.clawdbot/stock_watcher/. It does not access sensitive system files (e.g., SSH keys, AWS credentials) and does not transmit local data to non-whitelisted domains.
[Unverifiable Dependencies] (LOW): The skill relies on common third-party Python libraries (requests, beautifulsoup4). While these are standard, they must be manually installed by the user, and the skill does not verify their integrity at runtime.

stock-watcher