growth-automation

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
[COMMAND_EXECUTION] [DATA_EXFILTRATION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires manual execution of a 2,100-line JavaScript library (actions.js) and a utility script (core.js) within the user's authenticated browser session. These scripts can perform high-privilege actions such as posting tweets and sending direct messages.
  • [DATA_EXFILTRATION]: Components such as linkScraper.js and sessionLogger.js are designed to extract and export data from the session to local files, which could be used to harvest sensitive account or relationship information.
  • [PROMPT_INJECTION]: The skill's automation logic is vulnerable to indirect prompt injection from external data sources.
    1. Ingestion points: Scripts like autoLiker.js, followTargetUsers.js, and customerService.js read tweets, user bios, and private messages.
    2. Boundary markers: No markers or instructions to ignore embedded commands are specified.
    3. Capability inventory: The actions.js file provides functions for account-wide actions, including XActions.dm.send().
    4. Sanitization: The documentation does not describe any methods for sanitizing external text before it is used to trigger automated actions or generate replies.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 28, 2026, 09:53 AM