The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to use the xurl CLI tool for shell commands to interact with the Twitter API, including profile lookups and searches.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted data from X.
Ingestion points: Data from tweets, timelines, and user bios enters the agent context through xurl command outputs (SKILL.md).
Boundary markers: No delimiters or isolation instructions are provided to separate external tweet content from the agent's core instructions.
Capability inventory: The agent can execute shell commands via xurl and handle sensitive authentication tokens ($X_TOKEN).
Sanitization: There is no evidence of sanitization or validation of the retrieved tweet content before it is parsed by the agent.

x