xcli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly issues X/Twitter API calls (e.g., searchPostsRecent, getUsersBookmarks, getDirectMessagesEvents) and its required workflow (SKILL.md Step 3: "Parse the JSON response from stdout") directs the agent to fetch and parse user-generated, public Twitter content, which could contain instructions that materially influence subsequent actions.