skills/jeremylongshore/claude-code-plugins-plus-skills/tracking-crypto-portfolio/Gen Agent Trust Hub
tracking-crypto-portfolio
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The documentation file 'references/implementation.md' explicitly directs the AI agent to read API credentials from a '.env' file located at 'config/crypto-apis.env'. Accessing files with the .env extension is a significant security risk, as they are standard locations for sensitive environment variables, API keys, and other credentials. This instruction is notably inconsistent with other documentation stating the skill utilizes a free, public API.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user data from JSON portfolio files. The scripts 'scripts/portfolio_loader.py' and 'scripts/formatters.py' ingest and echo back string fields like 'notes' and 'memo' in JSON and CSV output formats. The absence of input sanitization or explicit boundary markers around these strings allows for potentially malicious instructions embedded in the portfolio data to influence the agent's behavior.
- [COMMAND_EXECUTION]: The skill utilizes the 'Bash' tool to execute local Python scripts that perform file system operations and network requests. While these operations are part of the intended functionality, they increase the potential impact of the aforementioned credential exposure and prompt injection risks.
- [SAFE]: The skill fetches real-time market data from CoinGecko, which is a well-known and reputable cryptocurrency data service.
Recommendations
- AI detected serious security threats