doc-daily-digest

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill attempts to access the macOS keychain using the security find-generic-password command to verify the existence of an xai-api key. Accessing system-level credential stores is a sensitive operation that could lead to credential exposure if the environment is compromised.
  • [COMMAND_EXECUTION]: The skill executes various CLI tools including notesmd-cli, qmd, and scrapling. Specifically, it uses scrapling with flags like --solve-cloudflare and stealthy-fetch to bypass bot detection mechanisms on external websites.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install an external tool, scrapling[all], using the uv tool install command. This introduces a third-party dependency into the environment.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It fetches content from arbitrary URLs (GitHub, X/Twitter, and general web pages) and processes this untrusted data to generate summaries and notes. There are no explicit sanitization steps or boundary markers described to prevent malicious instructions embedded in the fetched content from influencing the agent's behavior.
  • [REMOTE_CODE_EXECUTION]: The skill runs a Python script located in a different skill's directory (~/.claude/skills/res-x/scripts/x_fetch.py). While this appears to be inter-skill orchestration, executing scripts from specific paths in the user's home directory is a high-capability pattern.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 09:35 PM