x-twitter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly retrieves public user-generated content from X/Twitter (see SKILL.md and the commands like "search", "get", "mentions", "timeline", "search-news" and their docs/dist/commands implementations) which the agent is expected to read and can drive follow-up actions (post/like/follow/repost/etc.), so untrusted third‑party content could supply instructions that alter agent behavior.