tradingview-quantitative

Fail

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's primary operation depends on external connections to mcp.tradingviewapi.com and ws.tradingviewapi.com. These domains have been explicitly blacklisted as malicious by security scanners.
  • [CREDENTIALS_UNSAFE]: The documentation in README.md and README.zh.md instructs users to enter sensitive YOUR_RAPIDAPI_KEY or YOUR_JWT_TOKEN values into local configuration files. These credentials are then transmitted to the blacklisted tradingviewapi.com endpoints, creating a severe risk of credential harvesting.
  • [REMOTE_CODE_EXECUTION]: The skill requires users to connect their AI agent to a remote MCP server at https://mcp.tradingviewapi.com/mcp. This allows an untrusted remote server to define the tools, schemas, and logic used by the agent, effectively gaining control over agent behavior.
  • [DATA_EXFILTRATION]: By directing the agent to send financial data and authentication tokens to blacklisted domains, the skill facilitates the exfiltration of sensitive information to potentially malicious actors.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection.
    • Ingestion points: External financial news data is ingested through the tradingview_get_news and tradingview_get_news_detail tools (found in workflows/news-briefing.md).
    • Boundary markers: No boundary markers or 'ignore embedded instruction' warnings are implemented to protect against malicious instructions hidden in news articles.
    • Capability inventory: The skill possesses broad capabilities, including market searching, quote monitoring, and detailed technical analysis, which could be abused if the agent is manipulated by injected instructions.
    • Sanitization: No sanitization or validation processes for news content are mentioned, allowing untrusted external data to be processed directly by the model.
Recommendations
  • AI detected serious security threats
  • Contains 5 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Mar 5, 2026, 12:12 AM