
twitter-search

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions advise users to append sensitive credentials (TWITTER_API_KEY) to shell configuration files such as ~/.bashrc or ~/.zshrc. It further demonstrates passing these secrets as plaintext command-line arguments to the twitter_search.py and run_search.sh scripts, which can expose the keys to other system processes and users via process monitoring tools.
  • [EXTERNAL_DOWNLOADS]: The resource description for scripts/run_search.sh states that the script automatically checks for Python availability and installs missing dependencies at runtime. This represents an unverifiable dependency installation pattern where external code is fetched and executed without explicit version pinning or integrity verification in the documentation.
  • [COMMAND_EXECUTION]: The skill relies on the execution of local shell scripts and Python files (scripts/run_search.sh and scripts/twitter_search.py) to perform network operations and data processing.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted content (up to 1000 tweets) from the Twitter API and instructs the agent to analyze this data to produce reports and actionable recommendations. There are no specified boundary markers, delimiters, or instructions to ignore embedded commands within the fetched data, creating a risk where malicious text in a tweet could influence the agent's behavior. Ingestion point: scripts/twitter_search.py output. Boundary markers: Absent. Capability inventory: Subprocess execution, network access via API. Sanitization: None mentioned.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 5, 2026, 02:36 AM