record-trade
Fail
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to 'spot-canvas-ledger-staging-uumkospiua-ey.a.run.app' and other endpoints defined by the 'LEDGER_URL' environment variable to synchronize trade data.
- [COMMAND_EXECUTION]: Extensively uses 'curl' within Bash to perform POST, GET, PUT, and DELETE operations against the ledger's REST API.
- [COMMAND_EXECUTION]: References a local command-line utility named 'ledger' (e.g., 'ledger accounts show', 'ledger trades delete'). The skill assumes this tool is pre-installed in the environment, but its source and internal logic are not provided for verification.
- [REMOTE_CODE_EXECUTION]: Automated scanners identified the pattern of piping 'curl' output directly into 'python3'. Detailed manual analysis confirms the skill uses 'python3 -m json.tool' to pretty-print JSON responses. While this specific usage is intended for data formatting rather than executing remote scripts, the pattern of piping network-retrieved data into a language interpreter is a sensitive operation that can be restricted in hardened environments.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and displays data from external API endpoints (stats, positions, portfolio, trade lists).
  - Ingestion points: Data returned from the Spot Canvas ledger API via 'curl' is piped to stdout or processed by the agent.
  - Boundary markers: There are no protective delimiters or instructions to the agent to ignore potential commands embedded within the API's JSON response.
  - Capability inventory: The agent has access to the 'Bash' tool, which allows for file system access and network operations if the agent is manipulated by malicious data.
  - Sanitization: The skill does not perform validation or sanitization of the JSON values (such as 'strategy' names or 'entry_reason' descriptions) before they are processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://spot-canvas-ledger-staging-uumkospiua-ey.a.run.app}/api/v1/accounts/live/stats, https://spot-canvas-ledger-staging-uumkospiua-ey.a.run.app}/api/v1/accounts/live/positions?status=open, https://spot-canvas-ledger-staging-uumkospiua-ey.a.run.app}/api/v1/accounts/live/positions?status=closed - DO NOT USE without thorough review
Audit Metadata