Twitter Autopilot

Pass

Audited by VirusTotal on May 11, 2026.

Findings (1)

The skill is classified as suspicious due to a local file inclusion/arbitrary file read/write vulnerability in `scripts/tweet.py`. Specifically, the `queue`, `mode`, and `check-dupe` commands can accept arbitrary file paths as arguments, allowing an attacker or a misconfigured AI agent to read or write files outside the intended `twitter/` directory (e.g., `python tweet.py queue /etc/passwd`). While the `SKILL.md` documentation does not instruct the agent to exploit this, the underlying code lacks input validation for these paths, presenting a clear security risk without evidence of intentional malicious design.