stock_analyzer

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from external sources, such as news headlines and market reports, through the SearchService and IntelAgent. This data is interpolated into the agent context in files like src/analyzer.py and src/agent/agents/intel_agent.py. While the prompts use Markdown headers as delimiters, there is a lack of rigorous sanitization or structural isolation for this untrusted input. This creates a surface for indirect prompt injection, where maliciously crafted web content could attempt to influence the agent's analysis, reasoning, or tool-calling logic.
  • [CREDENTIALS_UNSAFE]: The application manages numerous sensitive API keys for LLM providers and search services, which are stored in a local .env file and managed through the LLMChannelEditor.tsx component in the Web UI. Although the project includes an optional authentication layer (ADMIN_AUTH_ENABLED), this feature is disabled by default. If the application is deployed on a public or shared network without enabling authentication, these credentials could be exposed or modified by unauthorized parties.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 01:41 AM