The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to execute local Python scripts (scripts/stock_screener.py, scripts/data_fetcher.py, etc.) to perform analysis. This is a standard and safe implementation for providing complex functionality within a skill environment.
[EXTERNAL_DOWNLOADS]: The skill depends on well-known, legitimate Python packages (akshare, pandas, numpy). These are standard tools in the financial data science community and do not pose a security risk when installed from official package registries.
[DATA_EXFILTRATION]: No evidence of sensitive data exfiltration was found. The skill fetches public financial data and stores it in a local cache directory for performance, without sending user environment data to external servers.
[PROMPT_INJECTION]: The instructions in SKILL.md are descriptive and focus on functional workflows without attempting to bypass safety filters or override system constraints.
[INDIRECT_PROMPT_INJECTION]: The skill processes data from external financial APIs via the akshare library. While this is an ingestion point for untrusted data, the risk is minimal as the data is primarily numeric and structured financial records. The agent should still apply standard caution when interpreting string fields like 'Company Description' returned by these APIs.

china-stock-analysis