The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill uses the yfinance library to retrieve market price data from Yahoo Finance. Yahoo Finance is a well-known and established service for financial market information, and its use here is consistent with the skill's purpose of valuing portfolio holdings.
[COMMAND_EXECUTION]: Several utility bash scripts are included: setup-env.sh for environment preparation, export-portfolio-performance.sh for executing the conversion, and validate-export.sh for checking script integrity. These scripts perform standard local operations, such as creating a virtual environment and invoking the Python interpreter.
[DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were detected. Financial data is processed locally from user-provided files, and resulting exports are saved to the project's results/ directory.
[PROMPT_INJECTION]: The skill's instructions in SKILL.md and references/portfolio-performance-csv.md are descriptive and technical. They do not contain any instructions that attempt to override agent behavior, bypass safety filters, or extract system prompts.
[SAFE]: The code is well-structured and uses standard libraries like pandas and openpyxl. No obfuscation, persistence mechanisms, or privilege escalation attempts were found during the analysis.

xtb-portfolio-performance-export