The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/search_token.sh script is vulnerable to Python code injection because the shell variable ${TOKEN} is interpolated directly into a Python heredoc. A malicious input like BTC"; import os; os.system('ls'); # would execute arbitrary code.
[COMMAND_EXECUTION]: The scripts scripts/test_all.sh and scripts/test_connector.sh use the source command to load configuration from .env files in the current and home directories. This enables arbitrary shell execution if an attacker can write to these locations.
[PROMPT_INJECTION]: The skill processes and displays data from an external API, creating a surface for indirect prompt injection. Ingestion points: Trading rules are fetched from the Hummingbot API and stored in data/trading_rules.json. Boundary markers: No delimiters are used when the agent displays the rules table. Capability inventory: The skill possesses the ability to execute shell scripts, run Python code, read/write local files, and make network requests. Sanitization: No validation or escaping is performed on the data retrieved from the API.
[CREDENTIALS_UNSAFE]: The skill relies on default credentials (admin/admin) for API access and encourages the storage of sensitive information in plaintext .env files.

connectors-available