capture-x-ai-lists

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill reads from and writes to a hardcoded absolute directory path located at /Users/yangyilin/docs/ai-list/. Accessing specific folders within a user's home directory can lead to unintended exposure or modification of local data, especially in environments where multiple users or sensitive documents are present.
  • [COMMAND_EXECUTION]: The workflow executes the xreach CLI and curl commands to interact with external services. These commands process remote inputs such as URLs and tweet IDs, which can pose a risk of command injection if the arguments are not correctly sanitized by the agent before shell execution.
  • [PROMPT_INJECTION]: The skill has a significant indirect prompt injection surface as it ingests untrusted data from various external sources.
      • Ingestion points: Untrusted content enters the system from fetched tweets, resolved redirect URLs, and article text extracted from the web via the Reader or OpenClaw browser.
      • Boundary markers: The instructions do not specify any delimiters or safety markers to isolate the fetched external data from the agent's core instructions.
      • Capability inventory: The skill has permissions to write to the local file system, perform network operations via CLI tools, and invoke image understanding capabilities through MCP tools.
      • Sanitization: There is no evidence of sanitization or filtering applied to the fetched text or image data before it is passed to the AI summarization or analysis components.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 04:34 PM