The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill downloads SEC filings from the official EDGAR database using the sec-edgar-downloader library. As the SEC is a well-known and trusted regulatory service, these downloads are considered safe and represent the core intended functionality.
[PROMPT_INJECTION]: The skill processes external documents, creating a potential surface for indirect prompt injection. This risk is addressed by the clean_sec_filing.py script, which sanitizes ingested text by removing HTML tags, binary data, Base64 blocks, and invisible Unicode characters before the data is passed to the language model.
[COMMAND_EXECUTION]: Local Python scripts are used to coordinate the research workflow, clean data, and interact with the Gemini API. These scripts perform standard file operations and API calls without constructing dangerous shell commands or using unauthorized system resources.
[SAFE]: No evidence of credential exfiltration, obfuscation, persistence mechanisms, or unauthorized privilege escalation was found in the skill's scripts or prompt logic.

us-stock-researcher