xurl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and read user-generated public X content (e.g., via xurl read/search/timeline/mentions and raw API endpoints) and to parse JSON results and then take follow-up actions (see "Reading & Search", "Agent Workflow", and "Search and engage" workflows), so untrusted third-party posts can influence tool use and decisions.