Alpaca Py Cli

This skill is classified as suspicious due to its inherent high-risk capabilities, specifically the modification of shell configuration files (~/.zshrc, ~/.bashrc, ~/.profile) to persistently store sensitive API keys for financial trading. While the skill's documentation (SKILL.md, README.md, setup.json) provides extensive and explicit warnings against autonomous agent actions and emphasizes the need for user consent for setup, the capability to alter shell configuration and handle financial credentials represents a significant security concern if misused or if an agent fails to adhere to the provided safety instructions. There is no evidence of malicious intent such as data exfiltration or backdoor installation; rather, the documentation actively attempts to mitigate prompt injection risks by instructing agents to seek explicit user permission for sensitive operations.