x-api-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated X content (e.g., GET /2/tweets/search/recent, the stream_tweets SSE example, and webhook events like tweet_create) as part of its documented workflows, so untrusted third-party posts could be read and influence actions such as posting, moderation, or follow-up tool use.