orderflow-analysis

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Tags: PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes external Level 2 market data which could theoretically be manipulated to influence agent logic.
  • Ingestion points: get_orderbook_state and connect_l2_stream calls in SKILL.md.
  • Boundary markers: Absent; the procedural steps do not include instructions for the agent to ignore potential embedded instructions within the market data stream.
  • Capability inventory: The skill includes the capability to trigger trade execution via the execute_confirmed_trade function.
  • Sanitization: Absent; the skill assumes data from providers like Alpaca or Polygon is pure market telemetry without performing validation for non-numeric content.
  • [Prompt Injection] (SAFE): No direct override markers, role-play/DAN injections, or attempts to extract system prompts were detected.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths (e.g., .env, .ssh), or unauthorized network exfiltration patterns are present.
  • [Unverifiable Dependencies] (SAFE): The skill utilizes an MCP server (trading-orderflow) and established trading APIs. No unverified third-party package installations or piped remote executions (e.g., curl|bash) were found.
  • [Privilege Escalation] (SAFE): No commands for escalating system privileges (sudo, chmod) or modifying system configurations were detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:08 PM