Tearsheet Generator
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill is classified as suspicious due to critical vulnerabilities, primarily a `sys.path.insert` of a hardcoded path (`/Users/DanBot/Desktop/dev/Backtests`) in `commands/generate-tearsheet.md`. This path hijacking vulnerability could allow an attacker to execute arbitrary code if they control that specific local directory. Additionally, the use of user-controlled inputs like `strategy_name` in file paths (e.g., `f"{strategy_name}_comparison_metrics.json"` in `commands/verify-backtest.md`) without explicit sanitization creates a path traversal risk. While the skill's stated purpose is benign and there is no direct evidence of intentional malice (e.g., data exfiltration, backdoors), these severe vulnerabilities make it highly exploitable.
