skills/algoderiv/agent-skills/wtpy/Gen Agent Trust Hub

wtpy

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: In 'references/advanced.md', the guide directs users to download critical development components, including a GCC 8.4.0 toolchain ('mydes_gcc8.4.0.7z') and an environment variable editor ('RapidEE'), from Baidu Pan ('pan.baidu.com'). Baidu Pan is an untrusted third-party file-sharing site, and the integrity of the binaries distributed through it is not verified.
  • [COMMAND_EXECUTION]: The 'references/advanced.md' file includes instructions to execute high-risk system commands ('rm /usr/bin/gcc' followed by 'ln -s ...') to manually overwrite the system's default compiler symlink. This modification can lead to system instability or supply chain risks if the replacement binary is malicious.
  • [CREDENTIALS_UNSAFE]: Documentation in 'references/tools-console.md' and 'references/getting-started-notes.md' explicitly provides default credentials ('superman' / 'Helloworld!') for the framework's monitoring console ('WtMonSvr' and 'WtStudio'). These credentials could be exploited if the services are exposed to a network without the defaults being changed.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
      • Ingestion points: The framework ingests untrusted financial market data (K-lines and ticks) from external APIs such as 'tushare', 'baostock', and 'RQData', as well as from local CSV files, as documented in 'references/data-management.md'.
      • Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the data ingestion logic.
      • Capability inventory: The framework possesses capabilities for automated trading execution ('stra_enter_long', 'stra_exit_short'), local file system modification ('store_bars'), and network operations, identified across 'references/strategies.md' and 'references/advanced.md'.
      • Sanitization: There is no evidence of sanitization or validation of the content within the financial data records before they are processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 03:42 PM