social-sbti

Warn

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill's X (Twitter) fetcher in src/fetch_x.py is configured to read sensitive authentication cookies from a hardcoded path at /tmp/x_cookies.json. Accessing browser-level session tokens from a shared temporary directory poses a risk of credential exposure, especially on multi-user systems.
  • [EXTERNAL_DOWNLOADS]: The skill installs several third-party Python packages (twikit, jike-skill, anthropic) and uses playwright to download the Chromium browser binary. It also fetches a remote JavaScript file from Twitter's official infrastructure (abs.twimg.com) within src/twikit_patch.py to extract transaction indices required for its operation.
  • [REMOTE_CODE_EXECUTION]: The HTML template (templates/card.html) used to generate the personality card imports the html-to-image library from a remote CDN (https://esm.sh). This leads to the execution of external code in the user's browser context when viewing the generated SBTI report.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection, as it processes untrusted content from social media platforms and includes it in the agent's context for personality scoring.
    • Ingestion points: Content fetched from Jike and X/Twitter via src/fetch_jike.py and src/fetch_x.py.
    • Boundary markers: Absent. The skill instructions in SKILL.md (Step 3) tell the agent to read through (通读) 150 posts without providing specific delimiters or instructions to ignore commands embedded in those posts.
    • Capability inventory: The skill has access to the Bash, Write, Edit, and Read tools as defined in the SKILL.md frontmatter.
    • Sanitization: src/analyze_sbti.py performs basic newline removal and character truncation, but lacks specific sanitization to prevent the agent from following instructions embedded in the analyzed posts.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform system-level operations, including installing dependencies and managing browser binaries via Playwright.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 11, 2026, 11:35 AM