The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructions define shell commands that execute a local Python script with unquoted arguments: "${LAST30DAYS_PYTHON}" "${SKILL_ROOT}/scripts/last30days.py" $ARGUMENTS --emit=compact. If an agent populates the $ARGUMENTS variable with unsanitized user input, this could allow an attacker to perform shell command injection.
[PROMPT_INJECTION]: The skill operates by retrieving content from untrusted external sources (Reddit, X/Twitter, Instagram, TikTok, YouTube, and general web results), which creates an inherent risk of indirect prompt injection.
Ingestion points: Untrusted data enters the agent context via search results and transcripts from multiple third-party platform APIs (ScrapeCreators, xAI, Algolia, Polymarket, Brave/Serper).
Boundary markers: The provided instructions do not include markers or delimiters to isolate processed external data from the agent's core instructions.
Capability inventory: The skill environment permits shell command execution and file system access, which could be abused if malicious instructions are processed.
Sanitization: There is no evidence of content sanitization or validation performed on the retrieved results before they are synthesized by the agent.

last30days-v3-spec