market-alpha-orchestrator

Fail

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: A command injection vulnerability exists in scripts/market-alpha-data-layer.py. The run_finance_http_call function builds a shell command string with f-strings and executes it via bash -lc inside a docker exec call. Inputs are passed through json.dumps, but JSON escaping is not shell quoting: json.dumps escapes double quotes and backslashes and leaves $, backticks and parentheses untouched, and the resulting strings are placed inside double quotes in the shell command, where bash still performs command substitution ($(command) and `command`) and parameter expansion. Attacker-controlled input therefore runs as a command in the shell inside the container.
  • [DATA_EXFILTRATION]: The skill includes utilities like market-alpha-package-task.py and market-alpha-deliver.sh designed to bundle task data into ZIP files and send them via Feishu (feishu_send_file). If an attacker successfully compromises an agent via prompt injection, these tools could be leveraged to exfiltrate sensitive files from the workspace by manipulating task paths or slugs.
  • [PROMPT_INJECTION]: The skill's architecture is highly susceptible to indirect prompt injection (Category 8). It ingests untrusted data from various sources (FinanceMCP, news feeds, web searches) and processes it through multiple agents. The 'Bot Handoff' mechanism, which uses JSON blocks to pass instructions to downstream 'Rust bots' or other agents, provides a direct vector for poisoned data to influence subsequent automated actions.
  • [COMMAND_EXECUTION]: Multiple scripts, including market-alpha-agent-runner.py and market-alpha-quant-setup.py, frequently use subprocess.run to execute platform tools and internal scripts. While many of these calls use list-based arguments, the sheer volume of subprocess orchestration significantly increases the skill's total attack surface.
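The quoting defect described in the first COMMAND_EXECUTION finding, reproduced as an added example (this is not code from market-alpha-data-layer.py or from the skill's authors). The docker exec wrapper and the -l flag are dropped so it runs offline; the ticker value, the `printf`/one-line-python stand-ins for the in-container tool, and the function names are assumptions. It shows the JSON-encoded value being expanded by bash, then two fixes: passing an argv list with no shell at all, and, where a shell is unavoidable, quoting with shlex.quote.

```python
import json
import shlex
import subprocess
import sys

# Constructed attacker-controlled input (assumption: a ticker symbol arriving
# from an upstream agent or data feed). json.dumps() escapes '"' and '\' but
# leaves '$', '`' and '(' untouched, so the substitution survives encoding.
HOSTILE_TICKER = "AAPL$(echo INJECTED)"


def run_vulnerable(ticker: str) -> str:
    """Models the pattern in the finding: the JSON-encoded value is interpolated
    by an f-string into a command string that a shell then parses. The original
    runs `docker exec <container> bash -lc "<cmd>"`; docker and -l are dropped
    here so the example runs offline, but the quoting problem is identical.
    json.dumps(str) produces a double-quoted literal, and inside double quotes
    bash still expands $(...) and `...`."""
    inner = f"printf '%s' {json.dumps(ticker)}"
    proc = subprocess.run(["bash", "-c", inner], capture_output=True, text=True, check=True)
    return proc.stdout


def run_hardened(ticker: str) -> str:
    """Fix 1: no shell in the path. Every argv element reaches the target program
    byte-for-byte; `docker exec <container> python3 tool.py <json>` accepts the
    same list form, so `bash -lc` is not needed to run a script in a container.
    The hypothetical in-container tool is stood in for by a one-line python."""
    payload = json.dumps({"ticker": ticker})
    argv = [sys.executable, "-c", "import sys; print(sys.argv[1], end='')", payload]
    proc = subprocess.run(argv, capture_output=True, text=True, check=True)
    return proc.stdout


def run_hardened_with_shell(ticker: str) -> str:
    """Fix 2, when a shell is unavoidable (e.g. bash -l to pick up a login
    environment): quote for the shell with shlex.quote(), which wraps the value
    in single quotes, where $, ` and " are literal. The json.dumps() output is
    treated as opaque data and quoted as a whole."""
    inner = f"printf '%s' {shlex.quote(json.dumps(ticker))}"
    proc = subprocess.run(["bash", "-c", inner], capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    print("vulnerable :", run_vulnerable(HOSTILE_TICKER))
    print("no shell   :", run_hardened(HOSTILE_TICKER))
    print("shlex.quote:", run_hardened_with_shell(HOSTILE_TICKER))
```

The vulnerable path returns AAPLINJECTED because bash ran `echo INJECTED` before printf ever saw the argument; both hardened paths return the ticker with the `$(...)` still literal. The argv-list form is the one to prefer: it removes the shell from the data path entirely, which also addresses the second COMMAND_EXECUTION finding's concern that list-based subprocess.run calls are only safe as long as no element is itself handed to a shell.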
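The DATA_EXFILTRATION finding turns on task paths or slugs being attacker-influenced when task data is zipped for delivery. The following added example (not the skill's market-alpha-package-task.py, and not code from its authors) shows the confinement check a packaging utility would want before bundling: a strict slug format, a resolved-path check that the task directory is still under `<workspace>/tasks`, and a bundling loop that skips symlinks and anything resolving outside the task directory. The `tasks/` layout, the slug grammar and the fixture files are assumptions.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Slugs are a short lowercase token: no '/', no '.', no leading '-' (assumed grammar).
SLUG_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,63}")


def resolve_task_dir(workspace: Path, slug: str) -> Path:
    """Map a task slug to its directory, refusing anything that would leave
    <workspace>/tasks. The regex rejects '../x' and absolute paths outright;
    resolve() plus the parent comparison rejects a slug that names a symlink
    pointing outside the tasks root."""
    if not SLUG_RE.fullmatch(slug):
        raise ValueError(f"invalid task slug: {slug!r}")
    tasks_root = (workspace / "tasks").resolve()
    task_dir = (tasks_root / slug).resolve()
    if task_dir.parent != tasks_root:
        raise ValueError(f"task directory escapes workspace: {slug!r}")
    if not task_dir.is_dir():
        raise ValueError(f"no such task: {slug!r}")
    return task_dir


def package_task(workspace: Path, slug: str, out_zip: Path) -> list[str]:
    """Bundle one task directory. Only regular files whose resolved path is still
    inside the task directory are added; symlinks are skipped, so a planted link
    to a credentials file elsewhere in the workspace cannot ride along."""
    task_dir = resolve_task_dir(workspace, slug)
    added: list[str] = []
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(task_dir.rglob("*")):
            if path.is_symlink() or not path.is_file():
                continue
            if task_dir not in path.resolve().parents:
                continue
            arcname = path.relative_to(task_dir).as_posix()
            zf.write(path, arcname)
            added.append(arcname)
    return added


def demo() -> dict:
    """Constructed fixture: a workspace with one task, a secret file outside the
    tasks tree, and a symlink inside the task pointing at that secret. Returns
    what got packaged and how each hostile slug was handled."""
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp) / "workspace"
        task = ws / "tasks" / "weekly-alpha"
        task.mkdir(parents=True)
        (task / "report.md").write_text("# weekly alpha\n")
        secret = Path(tmp) / "secret.env"
        secret.write_text("FEISHU_TOKEN=constructed-value\n")
        (task / "leak").symlink_to(secret)  # planted link out of the task dir

        results = {"packaged": package_task(ws, "weekly-alpha", Path(tmp) / "bundle.zip")}
        for bad in ("../secret.env", "weekly-alpha/../../secret.env", "/etc/passwd", ""):
            try:
                resolve_task_dir(ws, bad)
                results[bad] = "accepted"
            except ValueError:
                results[bad] = "rejected"
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key!r}: {value}")
```

Only report.md ends up in the archive; the `leak` symlink is dropped and every traversal-style slug is refused before any path is touched. This does not stop a compromised agent from calling the packager on a legitimate task, but it removes the "manipulate the path or slug" route the finding describes, leaving only data that genuinely belongs to the named task deliverable.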
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 10, 2026, 11:11 AM
Security Audit — agent-trust-hub — market-alpha-orchestrator