finflow
Fail
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the '@openduo/finflow' package globally from the NPM registry. This package is from an unverified source and is not managed by a trusted organization.
- [CREDENTIALS_UNSAFE]: The 'config login' command is documented to 'Auto-extract from macOS Chrome (Keychain + AES-128-CBC)'. This feature programmatically accesses and decrypts the user's browser credentials and session cookies, which is a high-risk operation for an AI agent.
- [COMMAND_EXECUTION]: The skill operates by executing shell commands via the 'finflow' CLI, which involves running third-party code in the local user environment.
- [DATA_EXFILTRATION]: The skill's ability to extract local authentication tokens (cookies) and use them for authenticated requests to external APIs presents a significant risk of sensitive data exposure.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting and processing live news and flash feeds from external platforms.
  - Ingestion points: Untrusted content from CLS, Jin10, and Gelonghui is retrieved using the 'info flash' and 'info news' subcommands (SKILL.md).
  - Boundary markers: No delimiters or safety instructions are provided to separate external news content from the agent's logic flow.
  - Capability inventory: The agent possesses local command execution and browser credential extraction capabilities (SKILL.md).
  - Sanitization: The instructions do not specify any sanitization, filtering, or validation of the ingested news data before it is presented to the model.
Recommendations
- AI detected serious security threats
Audit Metadata