The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources such as stock news, research reports, and user comments from Eastmoney. Evidence chain: 1. Ingestion points: Content is retrieved via 'web_fetch' and 'scripts/fetch_stock.py' from multiple eastmoney.com subdomains. 2. Boundary markers: Absent; there are no instructions or delimiters provided to warn the model about or isolate potential commands embedded in the fetched text. 3. Capability inventory: The skill has the ability to execute local scripts and write HTML files to the working directory. 4. Sanitization: Absent; no escaping or filtering logic is implemented for the external content before it is processed by the agent or written to reports.\n- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script ('scripts/fetch_stock.py') using subprocess commands to perform API calls and browser automation. While this is the intended mechanism for data retrieval, it involves executing code outside of the primary prompt instructions.\n- [EXTERNAL_DOWNLOADS]: The skill relies on external Python packages 'requests' and 'playwright' as specified in 'scripts/requirements.txt'. These are well-known technology libraries, and their use for data fetching from Eastmoney (a well-known financial service) is documented neutrally as a functional requirement.

stock-analyzer