@1363/position-snapshot
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs 'matplotlib' via pip for chart rendering. This is a well-known, trusted library for data visualization and its inclusion is appropriate for the skill's purpose.
- [COMMAND_EXECUTION]: The workflow executes a local script ('scripts/render_position_chart.py') to process data and save an image. The script uses standard libraries and limits file operations to the specified output directory.
- [SAFE]: No evidence of data exfiltration, obfuscation, or unauthorized access to system files was found. All data processing occurs locally within the agent's context.
- [PROMPT_INJECTION]: The indirect injection surface was evaluated: 1. Ingestion points: hl_account, hl_open_orders, and hl_candles (SKILL.md); 2. Boundary markers: Absent when interpolating data into script arguments; 3. Capability inventory: File write and directory creation via matplotlib and pathlib (scripts/render_position_chart.py); 4. Sanitization: Type validation and JSON parsing performed by argparse and the json module. The risk is rated safe because malicious inputs would only result in malformed chart text or rendering errors.