skills/b-open-io/prompts/persona/Gen Agent Trust Hub

persona

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The skill handles sensitive API credentials for X, GitHub, and AI providers. It stores X bearer tokens in ~/.claude/persona/tokens.json. Additionally, setup-token.sh uses the pbpaste utility to read the system clipboard to capture tokens during the authentication setup process.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it incorporates external, untrusted data into LLM prompts.
      • Ingestion points: Fetches content from X (via capture.sh), GitHub (via git-activity.sh), and Grok (via scan.sh).
      • Boundary markers: Uses structural delimiters like === YOUR VOICE === and === RECENT GIT ACTIVITY === to frame external content.
      • Capability inventory: Scripts can perform network operations (curl), write to the filesystem, and execute subprocesses.
      • Sanitization: While scripts use jq for robust JSON formatting and HTML escaping for the preview UI, they do not filter the natural language content of fetched data for potential adversarial instructions.
  • [COMMAND_EXECUTION]: The playground.ts script implements a local web server using the Hono framework and executes external commands via Bun.spawn to generate images using a separate plugin. This process involves passing user-controlled prompt strings as arguments to a background script.
  • [EXTERNAL_DOWNLOADS]: The skill performs legitimate network communications with official API endpoints for X, GitHub, Anthropic, and xAI. These operations are essential for the skill's core functions such as profile building and social intelligence scanning.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 02:34 PM