The Agent Skills Directory

[PROMPT_INJECTION] (HIGH): The skill exhibits a major Indirect Prompt Injection surface (Category 8). It explicitly facilitates the ingestion of untrusted data from external sources (Twitter, Reddit, Instagram, YouTube, LinkedIn) into the agent's context.
Ingestion Points: search_twitter_posts, search_reddit_posts, get_reddit_post_comments, get_youtube_video_comments, and other MCP tools defined in SKILL.md.
Boundary Markers: None identified. The instructions do not recommend delimiters or system-level warnings to the agent to ignore instructions embedded within the retrieved social media content.
Capability Inventory: While the skill itself primarily focuses on 'searching' and 'getting' data, the 'Take Action' workflow in SKILL.md (Step 4) encourages the agent to 'Respond to negative mentions' and 'Amplify positive feedback'. If the agent has write-access to these platforms, an attacker could craft a post that, when read by the agent, triggers an unintended response, such as leaking internal data or posting malicious links.
Sanitization: No sanitization or validation of the external content is mentioned or implemented in the provided documentation.
[COMMAND_EXECUTION] (SAFE): No direct shell command execution or unsafe subprocess calls were found in the provided markdown files.
[DATA_EXFILTRATION] (LOW): While the skill accesses external data, it does not demonstrate patterns for exfiltrating sensitive local files (like SSH keys or AWS credentials) to the social media platforms. Risk is limited to the inherent 'replies' or 'reports' generated by the agent.

anysite-brand-reputation