generating-trading-signals

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is highly susceptible to indirect prompt injection and command injection through shell interpolation.
      • Ingestion points: The skill ingests data from external financial APIs via the yfinance library and accepts user-provided inputs for symbols, watchlists, and filter parameters.
      • Boundary markers: No delimiters or instructions are provided to the agent to treat external or user-provided data as untrusted.
      • Capability inventory: The skill possesses the Bash(python:*), Write, and Edit capabilities, allowing it to execute scripts and modify the filesystem.
      • Sanitization: There is no evidence of input validation or sanitization. An attacker could provide a malicious symbol string (e.g., BTC-USD; [malicious_command]) that, when interpolated into the command python {baseDir}/scripts/scanner.py --symbols [input], results in arbitrary code execution.
  • [Command Execution] (MEDIUM): The skill relies on the Bash tool to execute Python scripts using computed paths ({baseDir}). The inclusion of examples using parent directory traversal (../trading-strategy-backtester/) indicates a risk of lateral movement and execution of files outside the skill's own restricted environment.
  • [Unverifiable Dependencies] (MEDIUM): The skill requires the installation of several external Python packages (yfinance, pandas, numpy, matplotlib) at runtime. While these are common libraries, they are not from a verified trusted source and represent a supply chain risk if a malicious version is installed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:44 AM