fund-flow-monitor
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands to activate virtual environments and execute local Python scripts (source ../../.venv/bin/activate, python ../findata-toolkit-cn/scripts/views_runner.py). These operations are directed at the vendor's own toolkit.
- [EXTERNAL_DOWNLOADS]: The skill instructions include installing Python dependencies via pip install from a local requirements file, which is a standard procedure for environment preparation.
- [CREDENTIALS_UNSAFE]: The documentation mentions using an environment variable XUEQIU_TOKEN for certain data requests. This is a legitimate configuration requirement for accessing specific financial APIs.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8).
  1. Ingestion points: External market data from sources like East Money and Tonghuashun (references/data-queries.md).
  2. Boundary markers: Results are returned in structured JSON, but no explicit instruction-blocking delimiters are used.
  3. Capability inventory: Ability to run shell commands and Python scripts.
  4. Sanitization: The methodology does not detail any specific sanitization of external data before processing.
Audit Metadata