x-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill visits and automates actions on public X (Twitter) pages — e.g., navigateToTweet in lib/browser.ts and scripts like post.ts, like.ts, reply.ts/quote.ts/retweet.ts which load https://x.com or arbitrary tweet URLs supplied at runtime — so it fetches untrusted, user-generated web content and uses the page DOM as part of its workflow, exposing the agent to indirect prompt-injection-like risks.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs modifying host and container code (src/ipc.ts, Dockerfile, build scripts), copying skill files into the container, and reusing the user's real Chrome profile and restarting the service so the agent can spawn subprocesses on the host and access persistent browser sessions — effectively enabling remote control and host-state changes.