fetch-url

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill (SKILL.md and scripts/fetch_url.py) explicitly fetches and renders arbitrary http/https URLs (via Playwright) and pulls public Twitter/X data (via the FxTwitter API), returning extracted page/tweet content that an agent is expected to read and that could materially influence its subsequent actions, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). When given X/Twitter links, the skill performs a runtime fetch to the FxTwitter API at https://api.fxtwitter.com/2/status/{id} and requires and uses the returned JSON to render Markdown that is injected into the tool's output (i.e., remote content directly controls the agent-visible text), so this external URL is a runtime dependency that can control prompts/content.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 12:27 PM