x-ops
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill automates the extraction of session cookies from the host's Chrome browser using the command `$B cookie-import-browser chrome --domain x.com`. This provides the agent with full authenticated access to the user's X account without requiring a password or API key.
- [COMMAND_EXECUTION]: The skill relies on executing shell commands via a Bash tool to control a headless Chromium instance, which facilitates all account interactions like posting, replying, and monitoring.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from X timelines, notifications, and search results while having the capability to perform actions on the user's behalf.
  - Ingestion points: Untrusted text content is read from X.com via the `$B snapshot -c` command in the Timeline, Notifications, and Search sections of `SKILL.md`.
  - Boundary markers: Absent. No instructions are provided to the agent to treat external tweet content as untrusted or to ignore instructions embedded within those tweets.
  - Capability inventory: The agent can perform high-impact actions including `Post`, `Reply`, `Like`, and `Repost`, and can log task status using `ak task log`.
  - Sanitization: Absent. The skill does not describe any methods for filtering or sanitizing the content read from the browser before the agent interprets it.
Audit Metadata