x-cdp-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's runtime code (scripts/cdp_tweet_fetcher.py: _discover_query_ids_from_js and _discover_query_ids_from_browser fetch and parse public pages and JS bundles from https://x.com / abs.twimg.com, and scripts/fetch_articles.py fetches user-generated Article content via the TweetResultByRestId API), so it ingests untrusted, user-generated social media content and extracted query/field parameters that directly drive subsequent API calls and processing.