tweetsmash-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated posts from the public TweetSmash API (GET /bookmarks at https://api.tweetsmash.com/v1 as documented in SKILL.md and references/api-reference.md, which expose tweet_details.text and require the agent to inspect/return and act on responses), so untrusted third-party content could influence labeling and other follow-up actions.