The Agent Skills Directory

[SAFE]: The skill's primary function is to gather financial data from a legitimate and documented third-party service (Financial Modeling Prep). All operations observed are consistent with this stated purpose.
[EXTERNAL_DOWNLOADS]: The skill communicates with financialmodelingprep.com to fetch earnings calendars and company profiles. This is a well-known financial data service and the interaction is handled using standard HTTP requests with proper timeout and error handling.
[COMMAND_EXECUTION]: The workflow involves executing bundled Python scripts (fetch_earnings_fmp.py and generate_report.py) to perform data retrieval and formatting. This is a routine method for extending agent capabilities and does not involve arbitrary command execution or shell injection vectors.
[CREDENTIALS_UNSAFE]: While the skill requires an API key, it implements safe handling practices. It prioritizes environment variables (FMP_API_KEY) and provides a fallback mechanism to prompt the user for session-only input, explicitly warning that keys are not persisted and should not be shared.
[DATA_EXFILTRATION]: Network activity is restricted to the official FMP API endpoints. No sensitive local data (such as SSH keys or system configs) is accessed or transmitted to external servers.
[INDIRECT_PROMPT_INJECTION]: The skill ingests data from an external API. Evidence chain:
Ingestion points: scripts/fetch_earnings_fmp.py fetches JSON data from financialmodelingprep.com.
Boundary markers: Data is processed through structured JSON parsing and then placed into Markdown tables, which provides structural delimitation.
Capability inventory: The agent can execute the included Python scripts and write the resulting report to a local file.
Sanitization: scripts/generate_report.py implements basic sanitization by truncating string fields like company names and sectors to fixed lengths before including them in the final report.

earnings-calendar