data-collect

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill executes python scripts/collect_stock_data.py <股票代码> by directly interpolating user input. This allows an attacker to perform shell command injection by providing a 'stock code' such as 600519; cat /etc/passwd.
  • CREDENTIALS_UNSAFE (MEDIUM): The skill requires the TUSHARE_TOKEN environment variable to be set, which exposes sensitive API credentials to the execution environment and potential logging.
  • REMOTE_CODE_EXECUTION (HIGH): The identified command injection vulnerability provides a direct path to Remote Code Execution (RCE) on the system running the agent.
  • EXTERNAL_DOWNLOADS (LOW): The skill downloads and installs akshare, tushare, and pandas using pip. While these are legitimate libraries, they are unversioned in the instructions, which is a best-practice violation.
  • INDIRECT_PROMPT_INJECTION (HIGH): This skill has a high vulnerability surface for indirect injection. Mandatory Evidence Chain:
      1. Ingestion points: The <股票代码> parameter and external financial data retrieved from akshare and tushare.
      2. Boundary markers: None present.
      3. Capability inventory: Execution of local Python scripts with arguments.
      4. Sanitization: No sanitization or validation of the stock code input is mentioned.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:27 AM