The Agent Skills Directory

[DATA_EXFILTRATION]: The MT5Connector implementation in brokers/mt5/connector.py and the automated_trader.py script hardcode a specific remote IP address (5.189.138.144) for the MetaTrader bridge. This configuration sends trading commands, signals, and potentially sensitive account information to an external third-party server not belonging to a known trusted vendor, presenting a high risk of data interception or account compromise.
[EXTERNAL_DOWNLOADS]: The install_zvec.sh shell script clones a repository from an untrusted GitHub account (github.com/Zvc/binary.git) and proceeds to execute a build.sh script from that repository. This facilitates the execution of unverified remote code on the user's system.
[REMOTE_CODE_EXECUTION]: Multiple utility scripts, such as add_backtest_methods.py and add_backtest_simple.py, are designed to modify other Python source files in the repository at runtime. They use regular expressions to inject large blocks of executable code into strategy templates, a behavior that allows for the dynamic and unverifiable alteration of the skill's logic.
[COMMAND_EXECUTION]: The system relies on high-risk execution patterns, including the use of exec(open(...).read()) in framework_runner.py and run_holy_grail.py to evaluate local files as scripts. Additionally, scripts like scripts/final_comprehensive_research.py contain hardcoded absolute file paths from the author's local environment, which can lead to unpredictable behavior or errors in different deployment contexts.

trading