ibkr-readonly
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages IBKR authentication by storing the username and password in a local `.env` file. This data is used by `scripts/keepalive.py` to automate the login process via Selenium. The documentation provides a security warning and recommends using a read-only secondary user account to minimize risk.
- [EXTERNAL_DOWNLOADS]: The `scripts/setup.sh` script downloads the official IBKR Client Portal Gateway from a well-known service (Interactive Brokers official domain). This is a standard requirement for accessing the IBKR API.
- [COMMAND_EXECUTION]: The skill uses local shell scripts (`setup.sh`, `start-gateway.sh`) and Python scripts to manage the Gateway process and execute data retrieval commands. These operations are transparently documented and confined to the local environment.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by ingesting external data from financial news feeds.
  - Ingestion points: `scripts/ibkr_readonly.py` fetches news headlines and summaries from Yahoo Finance RSS feeds.
  - Boundary markers: None are explicitly used to delimit external news content from agent instructions.
  - Capability inventory: The agent can execute local Python scripts and perform additional web searches based on this data.
  - Sanitization: Content is parsed using standard XML libraries without specific filtering for embedded instructions.
Audit Metadata