The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill uses the yfinance Python library in scripts/data_fetcher.py to retrieve financial market data (stock prices, commodity futures, and crypto) from Yahoo Finance. This is a well-known and standard service for financial data acquisition.
[COMMAND_EXECUTION]: The skill requests and uses Bash(python:*) permissions to execute local scripts including scripts/analysis_toolkit.py, scripts/data_fetcher.py, and scripts/indicators.py. These scripts perform statistical analysis, technical indicator calculations, and data processing using libraries such as pandas, statsmodels, and scikit-learn.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources and generates markdown reports.
Ingestion points: scripts/data_fetcher.py (via yfinance API) and Tushare MCP tools.
Boundary markers: None identified. The skill does not explicitly instruct the agent to ignore potential instructions embedded in metadata or text fields from the financial data feeds.
Capability inventory: The skill has Write and Edit file system permissions and Bash execution capabilities via the MCP environment.
Sanitization: No specific sanitization or escaping of external string data is performed before it is interpolated into the markdown reports defined in references/output_templates.md.

financial-data-analysis