unclawg-discover
Fail
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Multiple scripts within the skill (including search_twitter.sh, search_linkedin.sh, search_tiktok.sh, search_indeed.sh, search_youtube.sh, and search_log.sh) automatically read the user's ~/.zshrc file to extract API keys. Shell configuration files are highly sensitive as they often contain numerous environment variables, credentials, and private system information. Accessing such files without explicit user consent is a significant security risk.
- [COMMAND_EXECUTION]: The skill's main instruction file (SKILL.md) describes a "Private Operator Extension" in Phase 7A that allows for executing SQL batch inserts into a production database via SSH. This represents a high-privilege command execution capability that provides a direct path to sensitive infrastructure.
- [EXTERNAL_DOWNLOADS]: The skill relies on remote scraper code executed on the Apify platform, such as the api-ninja/x-twitter-advanced-search and clockworks/tiktok-scraper actors. While Apify is a well-known service, the skill's reliance on remote, third-party code for its core functionality introduces potential supply chain risks.
- [PROMPT_INJECTION]: The skill is inherently vulnerable to Indirect Prompt Injection (Category 8) due to its core function of ingesting and processing untrusted data from social media.
  - Ingestion points: Untrusted content is fetched from Reddit, Hacker News, Twitter, and LinkedIn.
  - Boundary markers: There are no explicit delimiters or instructions to treat scraped content as untrusted data.
  - Capability inventory: The skill has the ability to perform network requests via curl and execute shell commands, including SSH.
  - Sanitization: No sanitization or escaping of external content is performed before the data is presented to the agent for analysis and strategy generation.
Recommendations
- AI detected serious security threats