pangolin-strategy

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The pangolin-producer.py and pangolin_config.py scripts use subprocess.run to interact with platform-standard CLI tools such as mcporter (for market data access) and openclaw (for signal ingestion). These calls pass structured argument lists rather than shell strings, which prevents shell command injection. The operations are essential to the skill's functionality within the trading ecosystem.
  • [EXTERNAL_DOWNLOADS]: Installation instructions in SKILL.md direct the user to download strategy files from the Senpi-ai GitHub organization. This source is the official repository of the skill's author and is recognized as a trusted vendor source.
  • [PROMPT_INJECTION]: The runtime.yaml configuration defines an LLM-based decision gate for opening positions. The prompt provided for this gate contains operational logic and validation rules for trading signals. It does not attempt to override platform safety filters, extract system instructions, or behave in a malicious or deceptive manner.
  • [SAFE]: The skill follows the intended architectural patterns for a trading strategy on this platform. It implements proper state management and reentrancy guards for scheduled tasks, and it adheres to the principle of least privilege by separating signal generation from execution.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 10:52 AM