community-health-monitoring

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly calls x_get_followers and x_get_tweets (Workflow steps 2 and 3) and related browser scripts (e.g., src/auditFollowers.js) to ingest and analyze follower profiles and public tweets—user-generated, untrusted third-party content—which the agent uses to make decisions and recommend actions, creating opportunity for indirect prompt injection.