persona

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches untrusted, user-generated content (e.g., capture.sh pulls X posts from https://api.x.com and playground/scan.sh/draft.sh use xAI Grok with x_search/web_search plus git-activity.sh reads public GitHub repos), and those live inputs are incorporated into the LLM prompt pipeline (draft.sh / apply.sh) so third-party content can materially influence model behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches user posts at runtime from X's API (e.g., https://api.x.com/2/users/by/username/ and https://api.x.com/2/users//tweets), and those fetched posts are injected into persona profiles that are directly used as system prompts for downstream LLM calls — a runtime external content source that directly controls prompts and is required for the skill to operate.