bank-statement-processing

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the subprocess module to interact with the host system. It executes osascript to manage browser window focus, invokes the seren CLI for database environment resolution, and spawns the Playwright MCP server using node from paths determined at runtime.
  • [DATA_EXFILTRATION]: Sensitive financial information, including transaction descriptions and amounts, is transmitted to a remote service defined by WF_LLM_ENDPOINT for categorization. Additionally, masked transaction metadata is synchronized to a remote SerenDB instance.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to download bank statement PDFs directly from Wells Fargo's servers using automated browser sessions.
  • [DYNAMIC_EXECUTION]: The skill implements dynamic path resolution in scripts/run.py to locate the Playwright MCP script on the local filesystem and executes it. It also generates and executes complex JavaScript payloads within the browser context to handle site navigation and data extraction.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from bank statement PDFs. Transaction descriptions are extracted and sent to an LLM for categorization. There are no specific boundary markers or sanitization routines identified to prevent the LLM from potentially acting upon instructions embedded within transaction descriptions (e.g., a malicious merchant name).
      • Ingestion points: scripts/pdf_extract.py reads data from local PDF files.
      • Boundary markers: None detected in the categorization logic.
      • Capability inventory: Subprocess execution in scripts/run.py, browser automation in scripts/wf_download.py, and database writes in scripts/serendb_load.py.
      • Sanitization: Minimal regex-based extraction of transaction lines.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 02:44 AM