The Agent Skills Directory

[DATA_EXFILTRATION]: The skill includes a vendored component (bird-search) that programmatically accesses browser cookie databases for Safari, Chrome, and Firefox to extract X (Twitter) authentication tokens (auth_token and ct0). While this is a documented feature intended to enable searching X without a paid API key, browser cookies are highly sensitive, and their programmatic access represents a significant data exposure risk.
[PROMPT_INJECTION]: The skill is designed to ingest and display untrusted content from Reddit threads, X posts, and YouTube transcripts. This creates an indirect prompt injection surface where malicious data on those platforms could contain instructions meant to hijack the AI agent's behavior. The skill does not currently implement robust boundary markers or explicit 'ignore instructions' directives when presenting this research data to the agent.
[COMMAND_EXECUTION]: The research pipeline executes external command-line tools (yt-dlp and node) via Python's subprocess module to perform YouTube searches, transcript extraction, and X searches. While these operations are necessary for the skill's stated purpose, the use of subprocesses to run external binaries requires trust in the security and integrity of those third-party tools.

last30days