The Agent Skills Directory

[COMMAND_EXECUTION]: The file references/data-queries.md instructs the agent to execute shell commands for environment management and script execution, specifically source ../../.venv/bin/activate and python ../findata-toolkit-cn/scripts/views_runner.py.
[COMMAND_EXECUTION]: The skill implements data fetching by constructing shell commands that include variable parameters (--set key=value), which can lead to argument injection if inputs are not properly sanitized by the underlying toolkit.
[EXTERNAL_DOWNLOADS]: The skill initiates the installation of external dependencies using python -m pip install -r ../findata-toolkit-cn/requirements.txt, which targets a file outside the skill's controlled directory.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests data from external financial sources (e.g., Sina Finance ESG ratings) and uses it to perform analysis. It lacks explicit boundary markers to prevent embedded instructions in the fetched data from being interpreted by the agent, and it maintains command execution capabilities through its data-fetching toolkit.

esg-screener