Binance Futures Alpha Radar

This skill's code appears coherent with its purpose: the Python script fetches public Binance futures data and computes trading indicators, and no credentials are required. However, the SKILL.md explicitly instructs the agent to read files outside the packaged skill (e.g., ../../../src/main/resources/system-prompt.txt), which is unnecessary for public-data analysis and could cause the agent to access sensitive repository content (including internal system prompts). Before installing or enabling this skill, consider: - Confirm whether those external files exist in the environment where the agent will run. If they do not, the instructions may fail; if they do, the skill may read internal files you don't want exposed. - Ask the publisher to bundle any necessary rule files into the skill or remove references to external repo paths. The included references/ files largely mirror the external sources — bundling them would remove the need to read outside files. - Review scripts/binance_futures_snapshot.py locally: it only calls Binance public API (https://fapi.binance.com) and computes indicators; no hidden endpoints or credential exfiltration were found. - Run the skill in a sandboxed environment first, or inspect the referenced external files (system-prompt.txt, core-feature-spec.md) to ensure they contain no sensitive data. If the external file reads are removed or the referenced files are confirmed benign and intentionally included in your runtime environment, this assessment would likely change to benign. Currently treat it as suspicious because of the out-of-bundle file access requirement.