us-gov-shutdown-tracker

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): A hardcoded API key for the FRED service was detected in the analysis script.
  • Evidence: API_KEY = "b36495528d4933449ac821a9fa35852d" found in scripts/analyze_shutdown.py.
  • Risk: Exposure of API keys can lead to unauthorized usage and potential service costs or account suspension for the owner.
  • COMMAND_EXECUTION (MEDIUM): The skill relies on the execution of local Python scripts to perform its primary functions.
  • Evidence: SKILL.md instructs the agent to run python scripts/analyze_shutdown.py and python scripts/visualize.py.
  • Risk: While the scripts appear to perform legitimate data analysis, local execution of skill-provided scripts always carries a risk of arbitrary code execution if modified.
  • EXTERNAL_DOWNLOADS (LOW): The script makes external network requests to fetch economic data.
  • Evidence: scripts/analyze_shutdown.py uses requests.get to call https://api.stlouisfed.org/fred/series/observations.
  • Risk: Although targeting a reputable source (Federal Reserve), external calls introduce dependencies on third-party availability and data integrity.
  • PROMPT_INJECTION (LOW): The skill contains 'Onboarding Guidance' that attempts to strictly control the agent's behavior and user interaction.
  • Evidence: SKILL.md contains instructions like "Do NOT suggest other questions" and "Keep the focus tightly on shutdown status".
  • Risk: While not a malicious bypass of safety protocols, these are steering instructions intended to override the LLM's default helpfulness and narrow its operational scope.
  • DATA_EXPOSURE (LOW): The skill writes analysis results and visualization charts to the local file system.
  • Evidence: scripts/analyze_shutdown.py writes to a JSON path provided via --output, and scripts/visualize.py writes a PNG file using plt.savefig().
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 20, 2026, 11:48 PM