finhay-market

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads content from the developer's official GitHub repository (finhay-pro/finhay-skills-hub) via the sync.sh and sync.ps1 scripts to keep skill data and dependencies up-to-date.
  • [REMOTE_CODE_EXECUTION]: The skill implements a self-update mechanism that replaces local executable scripts (request.sh, sync.sh) with content fetched from a remote source, which can alter the skill's logic at runtime.
  • [COMMAND_EXECUTION]: The skill executes local shell and PowerShell scripts to sign API requests and update local environment variables in ~/.finhay/credentials/.env.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it ingests and processes external market news and reports that contain free-text fields. Mandatory Evidence:
    1. Ingestion points: /market/news (title, body) and /market/recommendation-reports/{symbol} (description, recommendation).
    2. Boundary markers: Absent.
    3. Capability inventory: Network access via curl, subprocess execution of shell/PowerShell scripts, and file system writes to .env and .tmp files.
    4. Sanitization: No sanitization or filtering of external text content is implemented.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 12:33 PM