twitter-x-hub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's client code (scripts/client.py) directly fetches and parses public third‑party content — it downloads x.com HTML and JS bundles in _scan_bundles() and a raw GitHub JSON at TWITTER_OPENAPI_URL to resolve queryIds — and those external results are used to determine request endpoints and behavior at runtime.