NYC

sec-edgar-pipeline

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [Dynamic Execution] (MEDIUM): The workflow utilizes edgar-analyzer generate-code followed by edgar-analyzer run-extraction. This pattern indicates that executable code is synthesized at runtime based on project patterns and then executed to perform data extraction. This creates a risk if the generation logic is influenced by malicious patterns in the input data.
  • [Indirect Prompt Injection] (LOW): The skill ingests data from external SEC EDGAR filings.
      • Ingestion points: SEC filings are fetched via fetch_apple_def14a.py and other discovery scripts.
      • Boundary markers: No specific delimiters or safety instructions are mentioned to prevent the agent from obeying instructions hidden within financial filings.
      • Capability inventory: The skill possesses network access (SEC API, OpenRouter, Jina) and file writing capabilities (CSV/JSON output).
      • Sanitization: No sanitization of filing content is described before it is processed by the code generation or extraction logic.
  • [Data Exposure] (LOW): The setup command requests sensitive credentials including OPENROUTER_API_KEY and JINA_API_KEY. While the skill uses a setup wizard rather than hardcoding keys, the handling of these keys by a non-standard CLI tool (edgar-analyzer) from an untrusted repository should be monitored for exfiltration.
  • [External Downloads] (LOW): The skill identifies and downloads filings from the SEC EDGAR system. While the source is a government entity, the content of these downloads is untrusted and serves as the primary input for the extraction logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:35 PM