The Agent Skills Directory

[COMMAND_EXECUTION]: The run.py script and scripts/lib/playwright_fallback.py use subprocess.run to execute shell commands for installing system dependencies and downloading external binaries. Specifically, run.py attempts to install the Cloudflare Tunnel binary to /usr/local/bin/ using sudo, which represents a privilege escalation risk.
[REMOTE_CODE_EXECUTION]: The skill includes logic to automatically install missing Python dependencies listed in requirements.txt via pip install. While it attempts to use trusted mirrors, the automated execution of package installation at runtime is a known vector for supply chain attacks.
[EXTERNAL_DOWNLOADS]: The skill fetches data and software from various external domains, including GitHub (github.com), Cloudflare (trycloudflare.com), and multiple financial data providers. It downloads the cloudflared binary directly from GitHub if not present on the system.
[PROMPT_INJECTION]: The skill fetches news headlines, social media posts, and search snippets from platforms like Xueqiu, Guba, and DuckDuckGo. This untrusted content is interpolated into agent prompts for multi-investor role-play analysis. While the skill instructs the agent to fact-check, it lacks robust boundary markers (e.g., XML tags or delimiters) to sanitize this external data against indirect prompt injection.

deep-analysis