make-game

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public tweet content as part of its required "Form B" pipeline (see tweet-pipeline.md and SKILL.md: "Fetch the tweet using the fetch-tweet skill" / convert URL to api.fxtwitter.com), and that untrusted user-generated text is used to derive the game's concept and drive asset/flow decisions, so it can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's "Form B" tweet-pipeline explicitly fetches tweet text at runtime via URLs like https://api.fxtwitter.com//status/ (using the fetch-tweet skill / WebFetch) and injects that third-party text into the agent's creative-abstraction flow, which means external content is fetched at runtime and used directly as model input — a clear vector for prompt/control injection.