The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the bird CLI tool to perform searches on X/Twitter by interpolating user-provided topics directly into a shell command (bird search "[topic]" -n 10 --plain). This pattern introduces a risk of command injection if the user input contains shell metacharacters or subcommands that are not properly escaped by the executing environment.\n- [EXTERNAL_DOWNLOADS]: The skill identifies a dependency on a non-standard binary named bird for core functionality. While no automated installation script is provided in the source, reliance on external, unverified tools increases the security surface area and requires manual configuration of sensitive session cookies.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it fetches and processes content from untrusted external sources like Reddit and X/Twitter.\n
Ingestion points: Untrusted data is ingested through web_search (Brave Search results), web_fetch (full web page content), and bird search (social media posts).\n
Boundary markers: The skill logic lacks delimiters or specific instructions that would prevent the agent from accidentally obeying malicious commands embedded within the retrieved external content.\n
Capability inventory: The skill provides the agent with capabilities to execute shell commands (via bird), perform web searches, and fetch arbitrary URL content.\n
Sanitization: There is no evidence of content sanitization, filtering, or validation before the retrieved data is synthesized into "actionable insights" or "ready-to-use prompts" for the user.

last30days