The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs users to manually execute JavaScript code in the browser console of x.com (e.g., 'Open DevTools (F12) → Console → Paste the script'). This is a high-risk 'Self-XSS' pattern frequently used to bypass security controls and access sensitive session data such as authentication tokens or cookies.
[NO_CODE]: Multiple core implementation files referenced in the documentation, including 'src/postThread.js', 'src/schedulePosts.js', 'src/createPoll.js', and 'src/autoRepost.js', are missing from the skill package. Consequently, the actual logic and safety of these scripts cannot be audited or verified.
[PROMPT_INJECTION]: The 'contentRepurposer.js' and 'autoRepost.js' functionalities scan and process untrusted external data from the X timeline. This creates a surface for indirect prompt injection where malicious instructions embedded in tweets could influence the agent's content generation or repurposing logic.
Ingestion points: Reads tweet content from the x.com timeline and search results via 'XActions.scan()'.
Boundary markers: No delimiters or 'ignore' instructions are documented to protect the agent from embedded instructions in processed tweets.
Capability inventory: The skill possesses capabilities to post content, create polls, and automate account engagement.
Sanitization: There is no documentation of input sanitization or validation of the text retrieved from external tweets before processing.

content-posting