alphaear-predictor

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from external web searches and news feeds.
  • Ingestion points: scripts/utils/search_tools.py ingests content from search engines (DuckDuckGo, Baidu, Jina) and news sources.
  • Boundary markers: The agent prompts use section headers (e.g., === 原始信号 ===) but do not include explicit instructions to ignore embedded commands within the ingested news content.
  • Capability inventory: The skill possesses the capability to write to the local SQLite database (scripts/utils/database_manager.py) and perform network requests via akshare and requests.
  • Sanitization: While scripts/utils/json_utils.py provides robust JSON extraction, there is no semantic filtering of ingested news text to prevent potential instruction injection.
  • [EXTERNAL_DOWNLOADS]: The skill downloads model weights and tokenizers from Hugging Face (NeoQuasar/Kronos-base and NeoQuasar/Kronos-Tokenizer-base) as well as embedding models from the sentence-transformers organization. These are well-known services and trusted repositories within the AI development ecosystem.
  • [COMMAND_EXECUTION]: Static detection flagged eval() calls in scripts/utils/predictor/training.py and scripts/utils/predictor/evaluation.py. However, these are false positives triggered by the standard PyTorch model.eval() method, which sets the neural network to evaluation mode and is entirely safe.
  • [SAFE]: The skill modifies environment variables in scripts/utils/stock_tools.py (temporary_no_proxy context manager) to temporarily unset proxy settings (http_proxy, https_proxy) during financial data synchronization. This is a functional side effect used to ensure connectivity to data providers.
  • [CREDENTIALS_UNSAFE]: The skill correctly manages API keys by retrieving them from environment variables (e.g., DEEPSEEK_API_KEY, JINA_API_KEY, OPENROUTER_API_KEY) via os.getenv, following security best practices.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 12:18 PM