investment-intelligence
Audited by Socket on Feb 26, 2026
1 alert found:
Obfuscated File
This skill specification describes legitimate investment-intelligence functionality and contains no direct signs of malware, hard-coded secrets, or execution chains. Primary concerns are operational: missing connector endpoint provenance, absent authentication/scoping guidance, no data-retention or PII-handling policies, and limited error/retry control. These gaps create a moderate security risk mostly centered on potential credential forwarding and data exfiltration if the agent/platform or connector implementation is not trusted. Recommendation: verify the connector implementation (endpoints, TLS certs, hosting), enforce least-privilege tokens, add explicit data-handling and redaction rules, and implement retry/backoff and logging/audit controls before enabling in sensitive environments.