minesweeper

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests large amounts of untrusted text from external financial reports without sanitization or boundary markers.
      • Ingestion points: annual_report.txt (converted from downloaded PDF) and JSON output from the Tushare API.
      • Boundary markers: Absent. The skill does not use delimiters or instructions to isolate untrusted data from its core logic.
      • Capability inventory: Shell command execution (pdftotext, mkdir), local Python script execution, and file system operations.
      • Sanitization: Absent. No validation or filtering is performed on the text extracted from external documents.
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands and local Python scripts as part of its workflow.
      • Evidence: mkdir -p, python3 {project_root}/scripts/minesweeper_data.py, python3 {project_root}/scripts/download_report.py, and pdftotext -layout.
      • Context: These are used for directory setup, data collection, and PDF-to-text conversion. While these are intended functionalities, they provide a broad capability surface if exploited via injection.
  • [EXTERNAL_DOWNLOADS]: The skill downloads annual reports from URLs found through web searches.
      • Evidence: python3 {project_root}/scripts/download_report.py --url "{pdf_url}".
      • Context: The skill uses the download_report.py script to fetch PDF files from dynamically identified external sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 04:12 AM