edge-candidate-agent

Warn

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: MEDIUM

Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/auto_detect_candidates.py utilizes subprocess.run to execute an external command specified by the --llm-ideas-cmd argument. This facilitates the execution of arbitrary shell commands based on user-provided input.
  • [REMOTE_CODE_EXECUTION]: In scripts/validate_candidate.py, the tool dynamically generates a Python script string and executes it via subprocess.run using the python -c flag. This dynamic execution of generated code at runtime is a known risk factor for code injection.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted external data.
  • Ingestion points: Data is ingested through scripts/auto_detect_candidates.py from OHLCV parquet files and optional CSV/Parquet tables for news and futures.
  • Boundary markers: The skill lacks explicit boundary markers or 'ignore' instructions when interpolating market data summaries into the payload sent to the ideation LLM command.
  • Capability inventory: The skill has the ability to execute shell commands (subprocess.run) and write files to disk (Path.write_text), which could be leveraged if an injection is successful.
  • Sanitization: There is no evidence of sanitization or filtering of the content within the market data files to prevent embedded instructions from influencing the agent's behavior.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 25, 2026, 05:35 PM