grok-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill (see SKILL.md and scripts/grok_search.mjs) instructs the xAI Responses API to use server-side web_search and x_search tools to fetch public web pages and X/Twitter posts, then parses and acts on those results/citations as part of its workflow, exposing the agent to untrusted third-party content.