agent-x402

Warn

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx awal@latest, which dynamically downloads and executes the latest version of the 'awal' package from the npm registry at runtime. This practice lacks version pinning, making the skill vulnerable to supply chain attacks if the package is compromised.
  • [REMOTE_CODE_EXECUTION]: Executing code via npx from a remote registry is a form of remote code execution, as the package content is fetched from an external source and executed immediately in the agent's environment.
  • [COMMAND_EXECUTION]: The skill grants broad shell access through Bash(npx awal@latest *) and Bash(curl *). This allows the execution of arbitrary commands with arguments, which could be exploited if user-provided input is not correctly sanitized before being interpolated into these commands.
  • [DATA_EXFILTRATION]: During authentication, the skill processes sensitive user information, specifically email addresses and one-time passwords (OTP). This data is passed to the awal CLI tool and transmitted to an external endpoint (up.railway.app).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through data ingested from external APIs.
    • Ingestion points: API responses from https://omniapi-production-7de2.up.railway.app containing user-controlled content like Twitter bios or post captions.
    • Boundary markers: Absent.
    • Capability inventory: Full shell access via Bash for payments, authentication, and data retrieval.
    • Sanitization: No evidence of sanitization or instruction filtering for the content retrieved from external social media profiles.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 23, 2026, 06:00 PM