gangtise-kb

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The core HTTP client implementation in scripts/_client.py explicitly disables SSL certificate verification and hostname checking (_ssl_ctx.check_hostname = False, _ssl_ctx.verify_mode = ssl.CERT_NONE). This configuration is highly insecure, as it makes the skill vulnerable to Man-in-the-Middle (MitM) attacks, allowing an attacker on the same network to intercept the GANGTISE_ACCESS_KEY and GANGTISE_SECRET_KEY during authentication.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by fetching and processing external content from the Gangtise Knowledge Base.
      ◦ Ingestion points: Data is ingested via scripts/query_kb.py (research reports, announcements, meeting summaries) and scripts/indicator.py (economic indicators and AI-generated content).
      ◦ Boundary markers: The scripts do not implement delimiters or 'ignore' instructions when outputting retrieved content to the agent.
      ◦ Capability inventory: The skill has the capability to write files to the local system via scripts/download_resource.py.
      ◦ Sanitization: Content is processed by scripts/clean_md.py, which converts HTML to Markdown but does not perform security-focused sanitization to remove potentially malicious instructions embedded in the reports.
  • [DATA_EXPOSURE]: API credentials and session tokens are stored in local files (.env, config.json, .token_cache). Although the scripts attempt to set restrictive file permissions (0o600), the presence of these secrets on disk increases the risk of exposure if the environment is compromised.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Mar 11, 2026, 05:32 AM