calculating-crypto-taxes

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill's implementation instructions in references/implementation.md direct the agent to load API credentials from a specific local configuration file (config/crypto-apis.env), which involves the exposure of potentially sensitive credentials to the agent's context.
  • [EXTERNAL_DOWNLOADS]: The skill configuration and documentation (config/settings.yaml and ARD.md) specify the use of the CoinGecko API for retrieving historical price data. This is a well-known service used for legitimate financial lookups and is consistent with the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion and processing of untrusted transaction data from external CSV files.
      • Ingestion points: scripts/transaction_parser.py (responsible for parsing CSV exports from various cryptocurrency exchanges).
      • Boundary markers: Absent; no specific markers or instructions are provided to ensure the agent ignores potential malicious instructions embedded within the transaction data.
      • Capability inventory: Bash(crypto:tax-*) and Write (used for generating and saving tax reports as defined in scripts/report_generator.py).
      • Sanitization: Input data is subject to basic validation through numeric and date parsing logic in the TransactionParser class.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 01:28 AM