twitter-cli

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The file twitter_cli/auth.py uses subprocess.run to execute a dynamically generated Python script for cookie extraction. This is implemented to handle SQLite database locks and Keychain access issues on macOS and Windows.
  • [DATA_EXFILTRATION]: The skill is designed to extract sensitive browser data, including Twitter/X authentication tokens (auth_token, ct0) and all associated cookies from browsers like Chrome, Edge, and Firefox. These credentials are sent to Twitter servers to impersonate legitimate browser sessions.
  • [EXTERNAL_DOWNLOADS]: The skill fetches critical GraphQL query mapping configuration from an external, community-maintained GitHub repository (fa0311/twitter-openapi). This creates a dependency on an unverified source that controls how the CLI interacts with Twitter's internal API.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from Twitter (tweet content, bios) and possesses write capabilities (posting, following). This represents an indirect prompt injection surface where a malicious tweet could potentially influence an agent's next actions if not properly delimited by the consuming application.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 8, 2026, 09:24 AM