qiaomu-opencli-oneshot

Fail

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The TS — Header template in SKILL.md contains a hardcoded Bearer token (AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D...). Although this particular string is the well-known public guest token for Twitter's web client, hardcoding credentials in templates is an unsafe practice: the same template pattern would leak a private token just as readily.
  • [CREDENTIALS_UNSAFE]: The skill's core instructions direct the agent to capture and reuse highly sensitive authentication material from the user's active browser session, specifically session cookies, the CSRF token (ct0), and custom authorization headers.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as npm run build and opencli to compile and test the code generated during the session.
  • [REMOTE_CODE_EXECUTION]: The skill implements a dynamic code-generation workflow in which TypeScript adapters are synthesized from the structure and responses of external, untrusted websites. The generated code is then executed locally in the opencli environment, so whoever controls the target site influences what runs on the user's machine.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it relies on untrusted external data.
    • Ingestion points: Target URLs and their associated API responses, captured via browser_navigate and browser_network_requests.
    • Boundary markers: None; the instructions include no delimiters around scraped content and no warning to ignore instructions embedded in it.
    • Capability inventory: The skill can call browser_evaluate, issue fetch requests carrying the user's credentials, and run shell commands (npm run build).
    • Sanitization: There is no evidence of sanitization or validation logic that would prevent malicious site content from being interpolated into the generated code templates.
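Two of the findings above, the hardcoded bearer token in the header template and the unsanitized interpolation of scraped site content into generated adapter code, can both be checked mechanically. The TypeScript below is an added example written for this page; it is not code from the audited skill, from opencli, or from Gen Agent Trust Hub. The scanner's regexes, the CapturedEndpoint shape, the two renderers and every sample input are assumptions constructed for the illustration.

```typescript
// Added example (not from the audited skill or from opencli).
// Part 1: flag hardcoded bearer tokens in a SKILL.md header template.
// Part 2: render adapter source from captured endpoint metadata, once by
//         naive interpolation (the pattern the audit describes) and once with
//         an identifier allowlist plus JSON string literals for everything else.

interface Finding {
  line: number;
  kind: "hardcoded_bearer" | "placeholder_ok";
  snippet: string;
}

// A real bearer token is a long opaque base64/url-safe blob; a placeholder such as
// ${TWITTER_BEARER} or <token> is what a template should contain instead.
// Both patterns are assumptions for this example, not a vendor's format.
const BEARER_RE = /Bearer\s+([A-Za-z0-9%_\-+/=.]{20,})/;
const PLACEHOLDER_RE = /Bearer\s+(\$\{[A-Z0-9_]+\}|<[^>]+>)/;

function scanHeaderTemplate(template: string): Finding[] {
  const findings: Finding[] = [];
  template.split(/\r?\n/).forEach((text, idx) => {
    const line = idx + 1;
    if (PLACEHOLDER_RE.test(text)) {
      findings.push({ line, kind: "placeholder_ok", snippet: text.trim() });
      return;
    }
    const m = BEARER_RE.exec(text);
    if (m) {
      // Redact all but a short prefix so the finding itself does not leak the secret.
      const redacted = (m[1] ?? "").slice(0, 8) + "...";
      findings.push({ line, kind: "hardcoded_bearer", snippet: `Bearer ${redacted}` });
    }
  });
  return findings;
}

// Metadata an agent might capture from browser_network_requests (constructed shape).
interface CapturedEndpoint {
  name: string;      // becomes the exported function name in the adapter
  path: string;      // request path observed on the target site
  fields: string[];  // response JSON keys the adapter should project
}

// Vulnerable: every scraped value lands in the source template verbatim, so a
// field name containing quotes or braces becomes code rather than data.
function renderAdapterUnsafe(ep: CapturedEndpoint): string {
  const picks = ep.fields.map((f) => `${f}: data["${f}"]`).join(", ");
  return [
    `export async function ${ep.name}(base: string) {`,
    `  const data = await (await fetch(base + "${ep.path}")).json();`,
    `  return { ${picks} };`,
    `}`,
  ].join("\n");
}

class UntrustedInputError extends Error {}

const IDENT_RE = /^[A-Za-z_][A-Za-z0-9_]{0,63}$/;   // plain JS identifier only
const PATH_RE = /^\/[A-Za-z0-9_\-./?=&]*$/;        // conservative path shape, no quotes/backticks

// Hardened: the only value emitted as bare code is the function name, and it must
// match a strict identifier regex. Paths and keys go through JSON.stringify, so
// quotes, newlines and comment sequences stay inside a string literal.
function renderAdapterSafe(ep: CapturedEndpoint): string {
  if (!IDENT_RE.test(ep.name)) {
    throw new UntrustedInputError(`rejected function name ${JSON.stringify(ep.name)}`);
  }
  if (!PATH_RE.test(ep.path)) {
    throw new UntrustedInputError(`rejected path ${JSON.stringify(ep.path)}`);
  }
  const picks = ep.fields
    .map((f) => `${JSON.stringify(f)}: data[${JSON.stringify(f)}]`)
    .join(", ");
  return [
    `export async function ${ep.name}(base: string) {`,
    `  const data = await (await fetch(base + ${JSON.stringify(ep.path)})).json();`,
    `  return { ${picks} };`,
    `}`,
  ].join("\n");
}
```

Running scanHeaderTemplate over a template that carries a literal token on one line and a ${PLACEHOLDER} on another yields one hardcoded_bearer finding and one placeholder_ok entry; feeding both renderers a constructed field name such as name"] }; globalThis.pwned = true; ({ "x shows the unsafe output containing that text as code while the safe output keeps it escaped inside a string literal, and a function name with spaces or semicolons is rejected before any source is produced.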
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 15, 2026, 02:34 AM