backsolve-miner-vs-metal-ratio-with-fundamentals

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The skill utilizes webdriver-manager in workflows/data-fetch.md to automatically download and execute browser driver binaries at runtime. This pattern involves executing untrusted code from remote repositories, though the tool itself is a common developer utility.
  • [COMMAND_EXECUTION] (MEDIUM): The use of selenium for scraping sedarplus.ca involves full browser automation. If the targeted website or an intermediary serves malicious content, it could potentially exploit the browser instance or the automation scripts.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill makes extensive use of yfinance, httpx, and pandas to download data from Yahoo Finance, SEC.gov, and various ETF provider websites. While these are reputable financial data sources, the skill establishes multiple outbound network connections to non-whitelisted domains.
  • [INDIRECT_PROMPT_INJECTION] (MEDIUM): In workflows/data-fetch.md and workflows/analyze.md, the skill ingests 'Management's Discussion & Analysis' (MD&A) text and other unstructured data from external filings. This content is processed using regex and summarized by the agent. There are no explicit boundary markers or sanitization steps to prevent instructions embedded in these public documents from influencing the agent's summary generation logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 03:50 AM