The Agent Skills Directory

[CREDENTIALS_UNSAFE] (HIGH): The skill requires the user to provide raw X.com session cookies (auth_token, ct0, twid). These are high-value credentials that grant full account access. The scripts/convert_cookies.py script specifically identifies and processes these values, printing partial tokens to the console.
[DATA_EXFILTRATION] (MEDIUM): The skill defaults to storing sensitive session cookies in /tmp/x_cookies_pw.json and scraped results in /tmp/x_{username}_posts.json. Storing sensitive authentication data and scraped content in a world-readable directory like /tmp on multi-user systems exposes the user to session hijacking and data theft.
[EXTERNAL_DOWNLOADS] (LOW): The setup guide (references/setup.md) instructs users to download and install the playwright library and chromium browser. While these are legitimate tools, they involve downloading and executing binaries from external sources.
[PROMPT_INJECTION] (MEDIUM): Indirect Prompt Injection surface (Category 8).
Ingestion points: Untrusted post content (textContent) is scraped from x.com in scripts/scraper.py.
Boundary markers: None. Scraped text is returned to the agent context as raw strings without delimiters or instructions to ignore embedded commands.
Capability inventory: The skill has network access and local file writing capabilities. If a downstream agent processes the output, malicious instructions within the scraped posts could influence the agent's behavior.
Sanitization: None. The raw text content is extracted via inner_text() and used without filtering.
[COMMAND_EXECUTION] (LOW): The scripts/scraper.py script launches the Chromium browser with --no-sandbox and --disable-setuid-sandbox. These flags significantly degrade browser security, increasing the risk of a sandbox escape if the browser encounters malicious content on the target website.

x-scraper