x-scanner

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/scheduled_scan.sh executes several system commands including mkdir for directory creation, ln for symlink management, find for file cleanup, and osascript to trigger macOS system notifications. These commands are used as intended for the skill's local automation features.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted text from X/Twitter posts via the xAI API.
      • Ingestion points: scripts/scan_x.py retrieves content from a curated list of accounts and the general X feed.
      • Boundary markers: While the Grok prompt requests a specific JSON-like output format, there are no delimiters or instructions to the agent to ignore potentially malicious commands embedded within the summarized tweets.
      • Capability inventory: The agent has the ability to write to the local file system and perform network requests to external APIs (xAI and Notion).
      • Sanitization: The skill performs no filtering or sanitization of the retrieved content before it is processed by the agent or saved to disk.
  • [DATA_EXFILTRATION]: The load_api_key function in scripts/scan_x.py recursively searches for .env files up to 10 directory levels above the script's location. This behavior is overly permissive and could lead to the unintentional exposure or loading of sensitive credentials from unrelated parent directories or adjacent projects.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 20, 2026, 09:53 PM