x-twitter-scraper

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly documents using an API key in an x-api-key header and even says to "set it as an environment variable or pass it directly" (with example export and header), so an agent could be instructed to embed secret values verbatim in commands/requests — although reading from env vars is supported, the "pass it directly"/header examples create a meaningful exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and acts on user-generated X/Twitter content via the Xquik API (e.g., /x/tweets/search, /x/tweets/{id}, /extractions, and /draws) as shown in SKILL.md examples, so arbitrary third-party tweets/replies could influence agent decisions and actions.