The Agent Skills Directory

[SAFE]: No malicious patterns, obfuscation, or credential theft attempts were identified. The skill correctly implements its stated functionality using standard Python libraries.\n- [COMMAND_EXECUTION]: The skill executes a local script scripts/quote.py using the uv or python command. The user-provided ticker symbol is passed as a command-line argument and normalized to uppercase, which prevents basic shell injection attacks.\n- [EXTERNAL_DOWNLOADS]: The skill declares dependencies on yfinance and a internal package trading-skills. yfinance is a widely recognized library for accessing Yahoo Finance data.\n- [SAFE]: (Indirect Prompt Injection Surface) The skill ingests external data from financial markets. This represents a potential surface for indirect prompt injection if an attacker could manipulate market data fields to include instructions for the LLM. However, the risk is negligible given the structured nature of stock data and the skill's limited capabilities.

stock-quote