rq-catalyst-calendar
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/generate_report.py` utilizes `subprocess.run` to invoke an external HTML renderer script. The path to this script is resolved via environment variables or relative directory searches within the project structure. This is used solely for converting the final Markdown report into HTML format.
- [EXTERNAL_DOWNLOADS]: The skill fetches PDF announcement files directly from official financial infrastructure domains, specifically `static.sse.com.cn` (Shanghai Stock Exchange) and `szse.cn` (Shenzhen Stock Exchange). These operations are necessary to extract event dates that are not available in structured data formats.
- [OBFUSCATION]: The script includes a specialized function `calc_sse_acw_cookie` which employs a position-based XOR algorithm with a hardcoded mask (`ACW_MASK`). This logic is a known requirement for handling session cookies (`acw_sc__v2`) on Chinese stock exchange websites to prevent automated bot blocking. While it appears as sophisticated logic, it serves a legitimate functional purpose for data retrieval from official sources.
- [DATA_EXPOSURE_&_EXFILTRATION]: No evidence of unauthorized data exfiltration was found. The skill processes local JSON data and remote PDFs to generate research reports, with network activity limited to fetching public financial documents from authoritative sources.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data (PDF text and web search summaries) to populate report templates. It uses a token-based templating system (`[[TOKEN]]`) which provides structural separation. Although it handles untrusted data, its capabilities are restricted to file generation and report rendering, presenting a low risk for injection-based attacks.
Audit Metadata