aicoin-freqtrade

Fail

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file lib/defaults.json contains a hardcoded accessKeyId and accessSecret. While the comments suggest these are public free-tier credentials, hardcoding secrets within the skill's source files is a high-risk practice.
  • [COMMAND_EXECUTION]: The scripts scripts/ft-deploy.mjs and scripts/ft.mjs utilize execSync to perform system-level operations. These include managing Freqtrade daemon processes via supervisorctl and pgrep, checking for system dependencies, and executing the freqtrade binary.
  • [REMOTE_CODE_EXECUTION]: The script scripts/ft-deploy.mjs implements remote code execution by downloading and running the uv installer from astral.sh using a curl | sh pipe. It also clones the Freqtrade repository from GitHub and executes a setup.sh script. Furthermore, lib/strategy-builder.mjs dynamically generates Python code for trading strategies, which is then written to the file system and executed.
  • [EXTERNAL_DOWNLOADS]: The skill downloads historical data and market signals from external sources such as open.aicoin.com and GitHub repositories.
  • [DATA_EXFILTRATION]: The skill accesses sensitive local files including .env and .ft_api_pass to retrieve trading credentials. The combination of reading sensitive local data and having functional network clients creates a potential surface for data exfiltration.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from untrusted external data:
      • Ingestion points: Market analysis, AI predictions, and news data are fetched via the AiCoin API in lib/aicoin-api.mjs.
      • Boundary markers: External data is processed without delimiters or instructions to the agent to ignore embedded commands.
      • Capability inventory: The skill has powerful system capabilities, including file system write access and the ability to execute shell commands through execSync.
      • Sanitization: There is no evidence of filtering or sanitizing text data received from the remote API before it is handled by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 6, 2026, 10:18 AM