xactions-mcp-server

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs users to copy their X auth_token cookie and place it verbatim into an environment variable/config (shown with a placeholder in the example), which means an agent or LLM may be asked to accept, handle, or embed the actual secret value in outputs or generated config—creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly describes scraping and ingesting public X/Twitter user-generated content (e.g., x_get_profile, x_get_tweets, x_search_tweets, x_get_followers) which the agent reads and can influence actions like posting, following, or workflows, exposing it to untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start uses "npx xactions-mcp", which at runtime fetches and executes the remote npm package (e.g. https://www.npmjs.com/package/xactions-mcp or via the npm registry at https://registry.npmjs.org), so remote code is retrieved and executed as a required dependency.