The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill includes logic in scripts/lib/bird_x.py to automatically install a third-party CLI tool (@steipete/bird) via the command npm install -g @steipete/bird when executed through the install_bird() function.
[COMMAND_EXECUTION]: Subprocess execution is utilized in scripts/lib/bird_x.py to call external binaries including npm and bird. While arguments are largely structured, this pattern increases the attack surface for command-related vulnerabilities.
[DATA_EXFILTRATION]: The skill handles sensitive authentication data including OpenAI and xAI API keys, as well as Twitter session tokens (AUTH_TOKEN and CT0). These credentials are recovered from the environment and configuration files in scripts/lib/env.py and transmitted to external service providers during research operations.
[PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to the following evidence chain:
Ingestion points: Untrusted research data is ingested from Reddit, X, and the web via scripts/last30days.py.
Boundary markers: Absent. The instructions in SKILL.md for the 'Judge Agent' do not specify the use of delimiters or 'ignore embedded instruction' warnings for the research data.
Capability inventory: The skill can execute shell commands via subprocess.run (in bird_x.py) and has access to Write and Read tools.
Sanitization: Data is truncated to 500 characters in scripts/lib/normalize.py, but no semantic sanitization is performed.
[COMMAND_EXECUTION]: The SPEC.md documentation describes 'Inline Context Injection' using the !command syntax (e.g., !python3 ...). This feature allows for the silent execution of shell commands when the skill is loaded, which can be abused if user-supplied inputs are incorporated into the command string.

last30days