The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses subprocess.run within its orchestrator scripts (run_picker.py and run_t1_tail_trade.py) to execute bundled Python scripts for data fetching and processing. These executions are performed using argument lists rather than shell strings, which is a secure method that prevents shell injection. The inputs are either static or validated ticker codes.
[EXTERNAL_DOWNLOADS]: The skill connects to well-known and reputable financial information services, primarily Tonghuashun (10jqka.com.cn), along with Eastmoney and Sina as fallbacks. These network operations are limited to retrieving public stock data and market news necessary for the skill's primary function and do not include the download or execution of remote scripts or packages.
[DATA_EXFILTRATION]: There is no evidence of unauthorized access to sensitive local files (such as SSH keys or environment variables) or the transmission of such data to external domains. The network activity is strictly scoped to the retrieval of public financial information.
[PROMPT_INJECTION]: The skill implements a clean_line function in its reporting scripts (render_report.py and render_t1_plan.py) that uses regular expressions to sanitize news titles and summaries fetched from external sources. This process removes potential injection characters and symbols, mitigating the risk of indirect prompt injection from third-party data.

a-share-stock-picker