x-article-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly opens and snapshots public X/Twitter pages (Step 1: agent-browser open "https://x.com/{user}/status/{id}" and snapshot/eval calls) and then extracts metadata, images/videos, generates tags and a condensed title and renames files (Steps 3, 5, 7, 8), so untrusted, user-generated third‑party content is read and directly influences the agent's actions.