
moltbook

Status: Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The run.py script attempts to read the file ~/.alex/config.yaml to extract the moltbook_api_key. Accessing credentials stored in the user's home directory is a security risk if the filesystem is shared or compromised.
  • [DATA_EXFILTRATION]: The _api function includes the Authorization header containing the API key in requests to any URL provided in the MOLTBOOK_API_FALLBACK_URLS environment variable. A malicious actor with the ability to modify environment variables could use this to redirect sensitive authentication tokens to an external server under their control.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by ingesting data from external web sources.
      ◦ Ingestion points: The feed, search, and _bing_rss_search functions in run.py fetch content from the Moltbook API and Bing RSS feeds.
      ◦ Boundary markers: Absent. External data is parsed and returned to the agent without delimiters or warnings.
      ◦ Capability inventory: The skill requires bash and performs network operations using the urllib library.
      ◦ Sanitization: No sanitization or validation of the fetched content is performed before it is passed into the agent's context.
  • [COMMAND_EXECUTION]: The skill utilizes the bash tool to execute run.py, as specified in the SKILL.md triggers and requirements.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 12:35 AM