twitter-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly calls Twitter search and lookup endpoints (e.g., TWITTER_RECENT_SEARCH, TWITTER_FULL_ARCHIVE_SEARCH, TWITTER_USER_LOOKUP_BY_USERNAME) to fetch public, user-generated tweets and profiles from Twitter/X and instructs the agent to read and act on those results as part of workflows (Search Posts, Look Up Users, Interact with Posts), so untrusted third-party content can influence subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires adding and calling the runtime MCP endpoint https://rube.app/mcp (via RUBE_SEARCH_TOOLS) to fetch tool schemas that directly determine the agent's prompts/instructions, so this external URL is a required runtime dependency that controls agent behavior.