notifications-management
Warn
Audited by Snyk on Feb 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's instructions explicitly direct the agent to scrape and ingest user-generated content from x.com (e.g., x.com/notifications and x.com/USERNAME/followers via scripts/scrapeNotifications.js, src/notificationManager.js and src/welcomeNewFollowers.js). That content is then used to drive filtering, prioritization, and automated replies, which could allow untrusted third-party content to influence agent actions.