small-cap-growth-identifier

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill uses a modular architecture, referencing a shared vendor toolkit ('findata-toolkit-cn') located in a relative directory path. All data queries target well-known and reputable financial services in the China market, such as East Money and Tonghuashun.
  • [COMMAND_EXECUTION]: The skill provides instructions to execute local Python scripts ('views_runner.py') for data retrieval. These operations are essential for the skill's primary purpose and are limited to fetching financial indicators.
  • [CREDENTIALS_UNSAFE]: The skill mentions the use of an environment variable 'XUEQIU_TOKEN' for API authentication. This follows security best practices by avoiding hardcoded secrets and relying on user-provided environment configuration.
  • [SAFE]: Regarding Indirect Prompt Injection (Category 8): 1. Ingestion points: Market data results from 'references/data-queries.md'. 2. Boundary markers: Absent in the prompt templates. 3. Capability inventory: Subprocess execution of local data scripts. 4. Sanitization: The skill primarily processes quantitative structured data (JSON) from established financial APIs, which significantly reduces the risk of adversarial injection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 03:23 AM