The Agent Skills Directory

[PROMPT_INJECTION]: The skill retrieves untrusted data from Twitter/X, such as tweet text and user biographies, which creates a surface for indirect prompt injection attacks. Ingestion points: External content is fetched in scripts including get_tweet.py, get_user_info.py, and search_tweets.py. Boundary markers: Data is processed and displayed without specific delimiters or safety warnings to the model regarding potential embedded instructions. Capability inventory: The skill's functionality is restricted to read-only data retrieval from the Twitter API, mitigating the risk that an indirect injection could trigger dangerous actions like file modifications or unauthorized network requests. Sanitization: Basic field truncation (e.g., limiting user descriptions to 150 characters and tweet text to 280 characters) is performed in twitter_api.py, reducing the payload size for potential injections.

twitter