my-fetch-tweet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to WebFetch public X/Twitter posts (via URLs like https://api.fxtwitter.com/{screen_name}/status/{id}) and to extract and interpret tweet.text and related fields for summarization/translation, meaning untrusted, user-generated third‑party content is consumed and directly drives the agent's outputs—creating a clear avenue for indirect prompt injection.