make-game

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: HIGH

Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill executes a command in SKILL.md (Step 8c) to read the agent's internal configuration file ~/.claude.json and extract sensitive x-api-key headers for the play-fun MCP server. Accessing the agent's own configuration is a high-risk operation.
  • [CREDENTIALS_UNSAFE]: In SKILL.md (Step 7e), the skill writes user API keys to a local file ~/.herenow/credentials using echo and chmod. While it attempts to set restrictive permissions, managing credentials in this manner is insecure.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the tweet-to-game pipeline described in tweet-pipeline.md.
      ◦ Ingestion points: External content fetched from api.fxtwitter.com based on user-provided tweet URLs.
      ◦ Boundary markers: Absent; the fetched text is directly used to "abstract" game concepts and guide code-writing subagents.
      ◦ Capability inventory: Extensive capabilities including file-writing (SKILL.md), network operations (SKILL.md), and subprocess execution via the Task tool (step-details.md).
      ◦ Sanitization: None; the logic explicitly states "NEVER refuse to make a game from a tweet," encouraging the processing of potentially malicious instructions embedded in tweet text.
  • [COMMAND_EXECUTION]: The skill performs administrative actions on the agent's environment, such as adding a new MCP server (claude mcp add playwright ...) and installing global packages and skills (npx skills add ...) in SKILL.md and verification-protocol.md.
  • [DATA_EXFILTRATION]: The skill collects user emails and transmits them to external endpoints (https://here.now/api/auth/login) and registers game data with an external API (https://api.play.fun/games) as seen in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill incorporates a remote JavaScript SDK from https://sdk.play.fun/latest into the generated game's source code, which will be executed in the user's browser environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 13, 2026, 08:45 AM