twitter-x

Fail

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses a highly dangerous 'curl | bash' pattern to install components. This allows a remote server at canifi.com to execute arbitrary code on the host machine without any prior verification or auditing.
  • Evidence: curl -sSL https://canifi.com/skills/twitter-x/install.sh | bash in SKILL.md.
  • Evidence: curl -sSL https://canifi.com/install.sh | bash in SKILL.md.
  • [COMMAND_EXECUTION]: The skill relies on executing piped shell commands from remote sources to perform its primary setup and environment configuration.
  • [CREDENTIALS_UNSAFE]: The skill asks users to enter sensitive account information (Twitter/X username and password) into the canifi-env utility. Because this utility is installed through an unverified remote script execution, the security of these credentials cannot be guaranteed, and they could be intercepted or exfiltrated by the external script.
  • Evidence: canifi-env set TWITTER_PASSWORD "your-password" instructions in SKILL.md.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its core functionality of reading social media content.
  • Ingestion points: The agent reads untrusted data from Twitter notifications and mentions (SKILL.md).
  • Boundary markers: There are no instructions or delimiters specified to prevent the agent from obeying commands embedded within the fetched tweets or mentions.
  • Capability inventory: The skill has the ability to post, reply, and manage account settings, which could be triggered maliciously by external content.
  • Sanitization: No sanitization or validation of the fetched Twitter data is performed before processing.
Recommendations
  • HIGH: Downloads and executes remote code from: https://canifi.com/skills/twitter-x/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 11, 2026, 08:49 PM