The Agent Skills Directory

[COMMAND_EXECUTION]: The file references/tradings-api-docs/README.md provides instructions for the agent to guide users to persistently modify shell startup files (~/.zshrc) using shell commands (echo) to store API keys. This pattern is classified as a persistence mechanism that modifies the user's operating environment and exposes credentials to all shell sessions.
[PROMPT_INJECTION]: The skill exhibits a significant indirect prompt injection surface. Instructions in SKILL.md and references/workflows/earnings-analysis.md direct the agent to ingest untrusted data from web searches and API responses (such as earnings call transcripts and management commentary). This external content is processed by sensitive tools (Python for chart generation, DOCX/XLSX skills for report assembly) without the use of boundary markers or sanitization, which could allow malicious external content to influence agent behavior.
[EXTERNAL_DOWNLOADS]: The skill requires the installation of well-known Python packages (matplotlib, seaborn, pandas, numpy, plotly) for its core reporting functionality. These are recognized services and are handled as expected dependencies for the skill's purpose.

equity-research-analyst