xclaw

Warn

Audited by Snyk on Mar 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill fetches live, user-generated tweets from the third-party pro.xclaw.info API (see SKILL.md "Trending Discovery" / "Recent Tweets" and xclaw.js calls like requestXClaw('/tweet/hot_tweets', '/tweet/kol_tweets', '/tweet/tweet_detail')), then ingests and uses that text/HTML to drive analyses and to generate drafts (e.g., slimTweets and the 'draft' command), so untrusted public content can materially influence agent behavior and actions.


Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 05:27 PM
Issues: 1