The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses subprocess.run to execute external Python scripts (analyze.py and portfolio.py) based on user queries. This occurs in main.py under the VOLUME_ANALYSIS and PORTFOLIO intents. While it targets specific internal paths, the reliance on shell-like execution for core logic increases the attack surface if input sanitization in those external scripts is weak.
[EXTERNAL_DOWNLOADS]: The README.md and SKILL.md files instruct the user to install external dependencies such as akshare, pandas, and matplotlib. While these are well-known libraries, the skill also points to a local path (/Users/molezz/Library/Python/3.9/lib/python3.9/site-packages) which indicates it is configured for a specific local environment, potentially leading to path traversal or privilege issues if deployed elsewhere.
[PRIVILEGE_ESCALATION]: The code in adapters/akshare_adapter.py attempts to access specific system font paths such as /Library/Fonts/ and /System/Library/Fonts/, as well as creating directories in /tmp/stock_charts. While generally used for rendering, unauthorized file system interaction with system directories is a noted risk pattern.
[DATA_EXPOSURE]: The skill manages a 'portfolio' by executing a script that likely reads/writes local files to track holdings, which could lead to exposure of financial data if the storage mechanism is not secured.

akshare-stock