x-research

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell scripts that interact with the xAI API via curl. Analysis of these scripts shows robust input handling, such as validate_category in scripts/common.sh which uses a regex-like sed command to ensure category IDs only contain alphanumeric characters, preventing shell injection during eval operations.
  • [CREDENTIALS_UNSAFE]: The skill requires an XAI_API_KEY. It correctly instructs users in config/README.md and config/.env.example to copy the example file to a .env file for local storage, which is a standard and safe practice for secret management. No hardcoded keys are present in the source.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to https://api.x.ai/v1/responses. As xAI is the official provider for the Grok API and a well-known service in the AI industry, these requests are considered safe and necessary for the skill's primary function of researching X/Twitter content.
  • [DATA_EXFILTRATION]: While the skill communicates with the xAI API, it only sends user-defined search queries, account handles, and topics. There is no evidence of the skill accessing sensitive local files (like SSH keys or AWS credentials) or exfiltrating private data to unauthorized domains.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from X/Twitter (untrusted source). However, it uses a server-side tool (x_search) where xAI handles the retrieval and synthesis. The skill further treats the output as data (parsing JSON or plain text for display and caching) rather than executable code, significantly mitigating the risk of indirect injection affecting the agent's core logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 11:26 AM