spaces-live

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scrape and manager scripts (e.g., src/scrapeSpaces.js and src/spacesManager.js) explicitly instruct scraping and interacting with public X/Twitter pages like x.com/search?q=... and timelines, ingesting user-generated Space metadata which the agent would read and act on (join/request to speak), exposing it to untrusted third-party content.