stock-research-group

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Potential SQL Injection in 'analyzers/balancesheet/search.py'. The 'get_balancesheet_history' function directly interpolates the 'limit' variable into the SQL query string using an f-string: 'sql += f" LIMIT {limit}"'. This pattern bypasses SQL parameterization and can lead to arbitrary SQL execution if the 'limit' parameter is derived from untrusted user or agent input. Additionally, 'search_by_field' in the same file interpolates the 'order' parameter without validation.
  • [PROMPT_INJECTION]: Surface for Indirect Prompt Injection in the brokerage report parsing module.
    • Ingestion points: 'interpreters/research/extract.py' downloads and extracts text from external PDF research reports via 'pdfplumber'.
    • Boundary markers: The Gemini prompt template in 'interpreters/research/_shared/llm.py' lacks delimiters or boundary markers to isolate the untrusted PDF text from the core instructions.
    • Capability inventory: The skill has capabilities for file system access, local SQLite database operations, and network requests to Tushare and Google Generative AI.
    • Sanitization: No sanitization, filtering, or instruction-override protection is applied to the extracted PDF text before LLM processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 11:59 PM