find-viral-tweets

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill connects to https://xquik.com/api/v1 to fetch tweet data. This domain is the official infrastructure for the skill author (Xquik) and represents the intended functionality of the tool.
  • [DATA_EXPOSURE]: Authentication is handled through the XQUIK_API_KEY environment variable. This is a standard security practice that avoids hardcoding secrets. No private file access or credential harvesting patterns were detected.
  • [PROMPT_INJECTION]: The skill addresses the risk of Indirect Prompt Injection by including a dedicated security section. It explicitly instructs the agent that tweet text is untrusted and should not be treated as authoritative or as instructions.
      • Ingestion points: Tweet data retrieved via API endpoints in SKILL.md.
      • Boundary markers: Explicitly defined in the 'Security' section of SKILL.md.
      • Capability inventory: The skill is limited to read-only API requests; no file-system access, shell execution, or arbitrary network capabilities are present.
      • Sanitization: Not specified, but risk is mitigated by the lack of exploitable capabilities.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 09:38 AM