trading-strategy

Fail

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to ask users for sensitive authentication headers or credentials when encountering paid content on external platforms such as Substack. This encourages users to share session tokens or passwords, which can be easily intercepted or misused.
  • Evidence (SKILL.md): "If auth is needed, ask for headers/credentials."
  • [COMMAND_EXECUTION]: The skill utilizes a high-risk capability tier by generating Python scripts and scheduling them for persistent execution on the host system.
  • Evidence (SKILL.md): schedule_task(command="python3 workspace/scripts/monitor.py", schedule="every 30 minutes")
  • Evidence (references/research-patterns.md): Provides a script template that performs network requests and accesses environment variables.
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for Indirect Prompt Injection (Category 8) due to its interaction with untrusted external content.
  • Ingestion points: Untrusted data is ingested via web_fetch and web_search from various external websites and analyst reports (SKILL.md).
  • Boundary markers: Absent. There are no instructions to delimit fetched content or ignore embedded commands.
  • Capability inventory: The skill can write files and schedule periodic system commands via schedule_task (SKILL.md).
  • Sanitization: Absent. External content is processed and summarized without validation, meaning a malicious website or article could inject instructions that influence the agent's monitoring scripts or scheduling behavior.
  • [DATA_EXFILTRATION]: The combination of soliciting user-provided authentication headers and performing outbound network requests creates a potential exfiltration vector if the agent is manipulated into sending those headers to an attacker-controlled endpoint.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 14, 2026, 10:07 PM