analyze-copper-stock-resilience-dependency

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [External Downloads] (LOW): The skill uses the webdriver-manager package in the fetch_china_10y.py script to download and install the ChromeDriver binary at runtime. This involves executing a binary downloaded from an external source.
  • [Data Exfiltration] (LOW): The skill performs network requests to non-whitelisted domains including finance.yahoo.com and tradingeconomics.com. These operations are legitimate and necessary for the skill's primary function of fetching financial data.
  • [Command Execution] (LOW): Workflows instruct the agent to execute local Python scripts (fetch_data.py, fetch_china_10y.py, copper_stock_analyzer.py) which manage data collection and statistical analysis.
  • [Indirect Prompt Injection] (LOW): The skill ingests data from external financial websites, which could serve as a vector for indirect injection if those sources were compromised. However, the data is primarily numeric.
    • Ingestion points: Data is fetched from yfinance and scraped from TradingEconomics using Selenium.
    • Boundary markers: Absent; data is processed directly as numeric input.
    • Capability inventory: Network requests, local file caching (data/cache/), and shell script execution.
    • Sanitization: The scraping logic converts text to floats (e.g., float(yield_element.get_text())), providing basic protection against non-numeric payloads.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:20 PM