stock-analysis

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [DATA_EXFILTRATION]: Path Traversal Vulnerability. The resolve_output_path function in scripts/_output_helper.py joins user-controlled filenames from CLI arguments (via --output) to a base directory without sanitizing parent directory references (e.g., ../../). This allows an attacker to write files to arbitrary locations on the file system, which could lead to data corruption or system compromise if configuration files are overwritten.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
      • Ingestion points: Untrusted financial news content is fetched from the AKShare API in scripts/core/akshare_provider.py using the get_stock_news method.
      • Boundary markers: The Markdown report templates in assets/templates/ do not employ delimiters or instructions to ignore embedded commands within news data.
      • Capability inventory: The skill possesses capabilities for arbitrary file writing and executing local Python scripts through CLI orchestration.
      • Sanitization: External news headlines and metadata are interpolated into Jinja2 templates without sanitization or escaping, allowing potentially malicious instructions in news feeds to influence the agent's reasoning.
  • [COMMAND_EXECUTION]: Shell Orchestration Risk. Project documentation files such as references/quick_start.md and references/candlesticks_guide.md demonstrate the use of shell scripts and Python's subprocess module to chain analysis tasks. While functional, this execution model increases the impact of path traversal or injection vulnerabilities.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 11, 2026, 12:04 PM