x-operations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly uses read actions (x-search, x-timeline, x-tweet-info, x-user-info) to fetch public, user-generated tweets and profiles from X/Twitter (see "Search tweets" and "Get user timeline" and the cross-channel workflow examples) and instructs the agent to analyze that content to choose or compose actions (e.g., pick the hottest tweet and reply), which allows untrusted third-party content to influence behavior.