Sequoia-X

Pass

Audited by VirusTotal on Apr 23, 2026.

Findings (1)

The skill automates the installation and execution of an external software package by cloning a GitHub repository (https://github.com/sngyai/Sequoia-X.git) and running its Python entry point. While this behavior is aligned with the stated purpose of providing a quantitative trading tool, the practice of downloading and executing remote code without integrity verification (e.g., commit pinning or checksums) constitutes a high-risk capability. Additionally, the SKILL.md file instructs the AI agent to perform shell-based discovery and execution of scripts (install.sh and run.sh), which increases the potential attack surface for remote code execution if the external repository is compromised.