backtesting-trading-strategies

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches historical price data from established and well-known providers, specifically Yahoo Finance (via the yfinance library) and CoinGecko's public API. These operations are restricted to retrieving time-series financial data for backtesting purposes and do not involve the execution of remote scripts.
  • [COMMAND_EXECUTION]: The skill uses the Bash(python:*) tool to execute its own Python scripts. The scripts perform data processing, mathematical calculations, and file operations within the skill's local directory (data/, reports/, config/). No arbitrary command execution or shell injection vulnerabilities were found.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data access or exfiltration. The skill reads price data and configuration files, and writes backtest results and charts to local storage. Network access is strictly limited to fetching market data from public APIs.
  • [PROMPT_INJECTION]: The instructions and documentation are focused on guiding the user and the agent through the backtesting process. There are no attempts to override system prompts, bypass safety filters, or manipulate the agent's core behavior.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data (price CSVs and CLI parameters). While this represents a potential attack surface, the data is handled strictly as numerical input for calculations or structured configuration. There is no evidence that this data is interpolated into prompts in a way that could influence agent behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 02:12 PM