twitter-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests public, user-generated Twitter content via required endpoints such as TWITTER_RECENT_SEARCH, TWITTER_FULL_ARCHIVE_SEARCH, TWITTER_USER_LOOKUP_BY_USERNAME, and bookmarks/lists (see "Search Posts" and "Look Up Users" workflows in SKILL.md), so the agent will read and act on untrusted third-party posts/profiles.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires connecting to the external MCP server https://rube.app/mcp at runtime (via RUBE_SEARCH_TOOLS) to fetch current tool schemas that determine available tools/behavior, so the fetched content directly controls agent instructions and is a required dependency.