trading-plan-generator

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The script scripts/position_calculator.sh is vulnerable to shell command injection. It uses the `read` command to capture user input into variables (e.g., ACCOUNT_SIZE, RISK_PERCENT), which are then expanded inside a double-quoted string in a subshell: `$(echo "... $VARIABLE ..." | bc)`. Because the variables are expanded before the shell parses the command inside the subshell, an attacker can provide input like `1" ; id ; #` to terminate the string and execute arbitrary commands.
  • DATA_EXFILTRATION (LOW): The script scripts/validate_plan.sh accepts a user-provided file path and executes grep commands on it. This creates a data exposure risk where an attacker could provide paths to sensitive local files (e.g., ~/.bashrc) and observe the script's output to determine whether specific patterns or secrets exist within those files.
  • SAFE (SAFE): The file references/risk_management.md is a purely informational markdown file. It contains educational content on trading risk management and does not include any executable code, remote script references, or prompt injection attempts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 04:46 PM