The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill accesses and manages a sensitive file path at ~/.config/x-api/.env to store and load an X API Bearer Token. Accessing environment files or local credential stores is considered a high-risk behavior as these paths are frequent targets for data theft.
[COMMAND_EXECUTION]: The skill uses several shell commands including curl, source, mkdir, chmod, and read to perform setup and API operations. The source command is used to load variables into the shell environment, which could execute arbitrary code if the configuration file is modified by a malicious process or user.
[PROMPT_INJECTION]: The skill exposes a significant indirect prompt injection surface by ingesting untrusted data from the X API.
Ingestion points: Data enters the agent context via X API v2 endpoints such as /2/tweets and /2/search/recent, which contain arbitrary user-generated content.
Boundary markers: The command templates do not use delimiters or provide instructions to the agent to disregard commands potentially hidden within the fetched tweet text.
Capability inventory: The agent possesses the capability to write to the file system (echo) and is explicitly instructed to 'update this SKILL.md' with new patterns or techniques it discovers.
Sanitization: No sanitization or validation logic is present to filter malicious instructions or hidden characters from the fetched API responses before they are processed by the agent.
[DATA_EXFILTRATION]: The skill transmits the X_BEARER_TOKEN in HTTP headers to api.x.com. While this targets a well-known service, the local storage and manual handling of raw tokens increase the risk of credential exposure.

x-api-reader