x-tracker
Warn
Audited by Snyk on Feb 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests user-generated social media content (X/Twitter) via the X API (e.g., scripts/fetch-following-tweets.ts, fetch-my-tweets.ts, scripts/api.ts) and reads Notion pages (scripts/notion.ts/readPageContent). Those fetched items are directly consumed by the analyze/rewrite workflows (scripts/analyze.ts) and by sub-agents for rewriting, so untrusted third-party content can materially influence agent decisions and tool use.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The rewrite-from-URL flow fetches external Notion page content at runtime (via the Notion API endpoint https://api.notion.com/v1 after parsing notion.so/ URLs). That fetched content is injected as the candidate text for sub-agent/model rewrites, i.e., remote content directly controls the model input.
Audit Metadata