The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes untrusted content from an external source (Twitter/X). * Ingestion points: Data enters the agent's context through the /search, /tweet, and /user endpoints at https://twitter.x402.agentbox.fyi as defined in SKILL.md. * Boundary markers: There are no explicit delimiters or instructions to the agent to ignore or isolate instructions embedded within the fetched data. * Capability inventory: The agent possesses the x_payment tool capability, which executes financial transactions (USDC micropayments). This capability could be targeted by injected instructions to cause excessive spending. * Sanitization: The skill lacks evidence of content sanitization or validation for the data returned by the API.
[EXTERNAL_DOWNLOADS]: The skill relies on an external API infrastructure for both data retrieval and payment processing. * Details: The skill directs all network traffic to https://twitter.x402.agentbox.fyi. While this is necessary for the skill's operation, it creates a dependency on an external service that handles financial assets.

agentbox-twitter