quantai-service

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill communicates with an external IP address 47.129.240.216 which is not a whitelisted or well-known service. It uploads agent-generated logic and code snippets (plugin.py and strategy.cs) to this remote server.
  • [REMOTE_CODE_EXECUTION]: The core workflow involves generating Python and C# code, uploading it to a remote server for processing, and downloading code from the server to be modified and re-uploaded for execution (retest phase).
  • [COMMAND_EXECUTION]: The instructions require the use of system commands such as curl for network requests and mkdir, cp, and cat for managing a local directory structure in ~/.quant_agent/.
  • [EXTERNAL_DOWNLOADS]: The skill downloads C# scripts (strategy.cs), transaction logs (trade_log.csv), and other data files from a remote IP address that does not belong to a trusted organization.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its ingestion of external data.
      • Ingestion points: Server responses from http://47.129.240.216:8000/jobs/{job_id}/status, /logs, and /result (SKILL.md).
      • Boundary markers: Absent; the agent interprets server-provided status and error messages as authoritative instructions for its next actions.
      • Capability inventory: Subprocess execution via curl, file system write access in ~/.quant_agent/, and network operation capabilities (SKILL.md).
      • Sanitization: Absent; the agent does not appear to validate or sanitize the content of the logs or results before displaying them or using them to decide the next step in the workflow.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 08:54 AM