x-write

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • Prompt Injection (HIGH): The README provides a template in 'Step 1' that users are told to 'Copy and paste' into other AI tools. This template includes a hardcoded account handle (X Account: zach_sndr). Users who copy this verbatim will inadvertently analyze the specified account rather than their own, or mix their sensitive CSV data with the instructions for the hardcoded handle. This is a common social engineering tactic to redirect AI behavior.
  • Data Exposure & Exfiltration (HIGH): The skill's primary setup workflow (Option B) requires users to download sensitive X analytics and content CSV files and upload them to third-party AI web services. While intended for personalization, this encourages the movement of sensitive personal data to external, untrusted contexts without clear warnings about the privacy implications.
  • Indirect Prompt Injection (HIGH): The skill's architecture is built around reading and obeying instructions from a user-generated analyzed.md file.
      • Ingestion points: The agent reads the contents of analyzed.md to personalize content creation.
      • Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present in the documentation or the proposed template structure.
      • Capability inventory: The skill has the capability to 'write' tweets, 'strategy' ideas, and 'reply' to accounts. A poisoned analyzed.md could force the agent to generate malicious, spammy, or phishing content under the user's persona.
      • Sanitization: There is no evidence of sanitization or validation for the data pulled from the analyzed.md file.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 11:58 PM