blog-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Mode Three (references/mode-3-search.md) explicitly instructs the agent to use websearch/google_search and an x-scraper to fetch and ingest X.com posts (user-generated public content) and to read/organize those posts into articles, which clearly exposes the agent to untrusted third-party content that can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's Mode 3B uses the x-scraper to fetch X.com posts at runtime (e.g., https://x.com/username/status/1234567890123456789 and other https://x.com/... links) and injects the raw post content into the agent's output/context, meaning externally-fetched content can directly influence prompts/outputs.