premium-subscriptions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to navigate to and run browser console scripts on public X/Twitter pages (e.g., x.com/settings/account and profile/compose pages) and to read DOM elements like subscription info and badges, which are untrusted, user-generated web content that the agent interprets to decide feature access and next actions.