unclawg-discover

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill attempts to extract secrets directly from the local filesystem.
      • Evidence: Multiple scripts, including scripts/search_log.sh, scripts/search_linkedin.sh, and scripts/search_twitter.sh, use awk or grep commands to read ~/.zshrc and extract the APIFY_API_KEY.
      • Evidence: scripts/search_youtube.sh similarly attempts to retrieve the YOUTUBE_API_KEY from the same file. Accessing local shell profiles to retrieve credentials is a high-risk pattern for secret exposure.
  • [COMMAND_EXECUTION]: Dynamic execution of script paths provided as arguments.
      • Evidence: scripts/package_public.sh accepts a path to a Python script via the $PACKAGER variable and executes it using python3. This allows for arbitrary code execution if an untrusted path is supplied.
  • [DATA_EXFILTRATION]: Performs network requests to external API services.
      • Evidence: The skill uses curl to transmit data and credentials to external services including api.apify.com, www.googleapis.com, www.reddit.com, and hn.algolia.com. While these are well-known technology providers, the automated handling of credentials retrieved from local configuration files increases the risk profile.
  • [PROMPT_INJECTION]: Significant attack surface for indirect prompt injection due to processing untrusted social media data.
      • Ingestion points: Aggregates and ranks content from Reddit, Twitter/X, LinkedIn, and Hacker News as described in SKILL.md.
      • Boundary markers: Absent. The skill lacks instructions or delimiters to prevent the agent from following malicious commands embedded in the fetched text.
      • Capability inventory: The skill can execute shell scripts, write to the filesystem (.search_log.json), and perform network operations.
      • Sanitization: No sanitization or escaping of the scraped social media text is performed before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 10, 2026, 02:39 PM