tweet-replicate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public, user-generated X/Twitter content (status JSON, avatars, and media) from arbitrary status URLs (see scripts/fetch_tweet_snapshot.py calling https://api.fxtwitter.com/2/status/{id} and download_with_ytdlp/ download_file flows used by render_tweet_replica.py and references/workflow.md), and that external content is parsed and directly drives downloads, rendering, recording, and transcoding decisions—so untrusted third-party data can materially influence tool behavior.