The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill performs automated data collection from X/Twitter profiles (Scenario E). Because it ingests untrusted text from user tweets, it possesses an indirect prompt injection surface where instructions embedded in social media posts could potentially influence the agent during the diagnosis phase.
Ingestion points: Tweet text and metadata collected via browser tools in SKILL.md (Scenario E).
Boundary markers: The skill stores data in structured formats (.json, .md) but does not explicitly define clear delimiters or escape sequences for the agent when processing this data for diagnosis.
Capability inventory: The agent has filesystem write access and browser navigation tools (computer-use, claude-in-chrome).
Sanitization: No explicit sanitization or instruction-filtering of collected tweet content is described.
[DATA_INGESTION]: Scenario E describes an automated workflow to collect user account data. It uses high-capability browser tools like computer-use to navigate x.com, perform scrolls, and capture screenshots/DOM data. The data is stored locally in the user-data/ directory. This behavior is documented as a primary feature for account analysis and does not involve unauthorized data exfiltration.

x-mastery-mentor