agentbox-twitter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches public, user-generated Twitter/X content via the paid API endpoints (e.g., https://twitter.x402.agentbox.fyi/search, /tweet/{id}, /user/{ref}) and instructs the agent to read and act on tweets, threads, replies, and user profiles, which could contain untrusted instructions that influence downstream decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly requires and documents use of an x_payment tool that performs automatic USDC micropayments ($0.003/call) on Solana or Base mainnet. This is a specific crypto payment capability (on-chain payments) rather than a generic HTTP or browsing tool, and it enables the agent to send value for each API call. Therefore it contains direct financial execution capability.