stock-briefing
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The instructions in SKILL.md ('把脚本输出原样发给蟹大爷,不要修改、不要补充、不要总结', i.e. "send the script output to 蟹大爷 exactly as-is; do not modify, add to, or summarize it") are a behavior override attempt. They mandate that the agent relay the script's output verbatim, bypassing the agent's safety filters, summarization capabilities, and its instructions to remain helpful and safe.
- [COMMAND_EXECUTION]: The script scripts/stock_briefing.py performs dynamic path manipulation by inserting a hardcoded absolute path ('/Users/xie/.openclaw/workspace/financial-data') into the Python system path. It then imports and executes multiple modules from this external location, which is not part of the skill's own package. This pattern of loading unverified code from the local file system is dangerous.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing and displaying data from untrusted external financial news sources (e.g., 'get_cls_telegraph').
- Ingestion points: News data and financial quotes are fetched in scripts/stock_briefing.py.
- Boundary markers: Absent; the instructions specifically forbid the use of delimiters or any modification of the output.
- Capability inventory: The skill is permitted to run logic via the Bash tool and Python execution.
- Sanitization: No evidence of sanitization, validation, or escaping of external content before it is included in the output.
Recommendations
- AI detected serious security threats
Audit Metadata