social-sbti

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM

CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION

Full Analysis
  • [DYNAMIC_EXECUTION]: The skill uses src/twikit_patch.py to modify the behavior of the twikit library at runtime. By overriding ClientTransaction.get_indices, the skill dynamically patches third-party library logic to fix compatibility issues with the X/Twitter web platform.
  • [INDIRECT_PROMPT_INJECTION]: The skill fetches and processes social media posts from Jike and X. The instructions in SKILL.md (Step 3) direct the agent to read up to 150 posts to perform scoring. Since these posts contain untrusted external data and are processed without explicit boundary markers or sanitization, they present a surface where malicious instructions embedded in a post could attempt to influence the agent's actions.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill's setup documentation (X_SETUP.md) instructs users to store sensitive session cookies for X in /tmp/x_cookies.json. The /tmp directory is often world-readable on multi-user systems. Furthermore, src/fetch_jike.py accepts authentication tokens as command-line arguments, which can expose secrets in the system's process list.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill installs browser binaries via playwright install. The generated HTML card output also loads and executes the html-to-image library from esm.sh, a well-known content delivery service, to facilitate client-side rendering functions in the browser.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 10, 2026, 08:25 AM