opentwitter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly documents endpoints (e.g., twitter_user_tweets, twitter_search) and a WebSocket (wss://ai.6551.io/open/twitter_wss) that fetch and push public Twitter/X user-generated content which the agent is expected to read and could materially influence its actions, creating a clear avenue for indirect prompt injection.