xai-stock-sentiment
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses f-string interpolation to insert user-controlled variables (e.g., `ticker`, `sector`, `timeframe`, `price_data`) directly into prompts sent to the Grok LLM. This creates a surface for indirect prompt injection if an attacker-controlled source provides input designed to override the agent's instructions.
  - Ingestion points: The variables `ticker`, `timeframe`, `tickers`, `sector`, and `price_data` are interpolated into prompts across multiple functions in `SKILL.md` (e.g., `get_stock_sentiment`, `analyze_single_stock`, `compare_stocks`).
  - Boundary markers: The skill does not use delimiters (such as XML tags or Markdown blocks) to isolate user-supplied data from the instructions, nor does it include explicit directives for the model to ignore instructions embedded within the data.
  - Capability inventory: The skill uses the `openai` Python library to perform network requests to the xAI API (`api.x.ai`). It does not exhibit dangerous local capabilities such as file system modification or arbitrary command execution.
  - Sanitization: There is no evidence of input validation, escaping, or sanitization of the user-supplied strings before they are interpolated into the prompt templates.
Audit Metadata