felo-twitter-writer

Warn

Audited by Snyk on Apr 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches public, user-generated tweets via felo-x-search (SKILL.md, Mode 1 Step 1) and then passes those tweet texts into SuperAgent for analysis and to drive subsequent generation (Mode 1 Step 3 and the Mode 2 follow-ups). Arbitrary third-party content from X is therefore read into the agent's context, where it can materially influence tool behavior, which is the precondition for indirect prompt injection: an attacker only needs to post a tweet that the search returns, not to compromise the skill itself.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill runs run_style_library.mjs at runtime to fetch the full "Style DNA" from the Felo API and then injects the returned content into SuperAgent via the --ext argument (e.g., calls to the Felo platform referenced at https://openapi.felo.ai/docs/). That content directly controls the agent's prompts and instructions for generation, and nothing in the skill pins or verifies it before use, so whoever controls the endpoint response controls the agent's behavior.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 12, 2026, 03:56 AM
Issues
2