longbridge-earnings

Warn

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively utilizes the longbridge CLI tool to fetch market and financial data. Instructions in SKILL.md and references/workflow.md guide the agent to execute shell commands where output is piped into files or directly into python3 -c for processing. This reliance on executing commands with data-driven arguments represents a potential vector for command injection if the underlying tool or the shell environment handles inputs insecurely.
  • [REMOTE_CODE_EXECUTION]: The skill implements a workflow involving dynamic code execution (Category 10). It provides a template script scripts/generate_report.py which the agent is instructed to populate with "actual company data" retrieved at runtime and then execute using python3. This process of generating and running scripts that incorporate externally sourced data poses a risk of arbitrary code execution if the data contains malicious code that escapes the template's intended structure.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its ingestion of untrusted external content. Evidence:
      1. Ingestion points: The skill reads data from longbridge filing detail (10-K/10-Q text), longbridge news, and web-searched earnings call transcripts (as detailed in references/workflow.md).
      2. Boundary markers: The instructions lack explicit boundary markers or "ignore embedded instructions" warnings for the agent when processing this data.
      3. Capability inventory: The agent has the capability to write files, execute shell commands, and run python scripts.
      4. Sanitization: There is no evidence of sanitization, validation, or escaping of the ingested external content before it is processed by the agent or used in the report generation script.
    This surface could allow an attacker to influence the agent's behavior through instructions hidden in public financial documents or news.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 5, 2026, 05:48 PM