skills/nicepkg/ai-workflow/shioaji/Gen Agent Trust Hub

shioaji

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): File PREPARE.md instructs users to install the uv tool using piped remote scripts: curl -LsSf https://astral.sh/uv/install.sh | sh and powershell -c "irm https://astral.sh/uv/install.ps1 | iex". Source: astral.sh (Untrusted/Unknown). Execution method: Piped shell execution. This is a critical vulnerability that allows unverified code to run directly on the host system.
  • COMMAND_EXECUTION (HIGH): The skill documentation encourages the use of system commands for package management (pip install, uv add) and repository cloning (git clone). These provide powerful primitives that an attacker could abuse via prompt injection to execute arbitrary code.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill downloads the shioaji library and clones an external repository (Sinotrade/sj-trading-demo). These sources are not included in the Trusted External Sources whitelist and thus represent unverifiable dependencies.
  • PROMPT_INJECTION (HIGH): Vulnerability to Indirect Prompt Injection (Category 8). The skill ingests untrusted market data and has high-stakes trading capabilities.
    • Ingestion points: Market quotes and contract data are ingested via api.quote.subscribe and api.Contracts.
    • Boundary markers: Absent; there are no delimiters or instructions for the agent to ignore commands embedded in financial data.
    • Capability inventory: The skill can place, modify, and cancel financial orders via api.place_order, api.update_order, and api.cancel_order.
    • Sanitization: Absent; external data is processed and used to inform trading decisions without filtering.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 15, 2026, 08:58 PM