The Agent Skills Directory

[REMOTE_CODE_EXECUTION] (CRITICAL): The skill utilizes torch.load in scripts/kronos_predictor.py and scripts/utils/predictor/evaluation.py to load model weights. Since torch.load relies on the Python pickle module, it is inherently vulnerable to arbitrary code execution. This risk is critical here because the skill is designed to load models from unverified external sources.
[EXTERNAL_DOWNLOADS] (HIGH): In scripts/kronos_predictor.py and scripts/utils/predictor/kline_generate.py, the skill downloads models and tokenizers from the NeoQuasar repository on HuggingFace (NeoQuasar/Kronos-base). This repository is not part of the trusted organization list, and downloading executable-adjacent artifacts (weights) from untrusted sources is a major security risk.
[PROMPT_INJECTION] (MEDIUM): The skill implements an indirect prompt injection surface in scripts/prompts/forecast_analyst.py. External market news (news_context) is interpolated directly into the system prompt for the analyst agent. There are no boundary markers or sanitization logic to prevent malicious news content from hijacking the agent's logic to manipulate financial forecasts.
[COMMAND_EXECUTION] (LOW): scripts/utils/predictor/evaluation.py uses execute_query to interact with a local SQLite database. While the specific query shown is a simple SELECT, the presence of direct database interaction capability increases the potential impact of other vulnerabilities.

alphaear-predictor