storyclaw-x-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/get_timeline.py, scripts/get_user_tweets.py, scripts/search_tweets.py) explicitly fetch user-generated content from the public Twitter/X API and the SKILL.md Auto-Interaction Workflow (state/{USER_ID}.json) describes auto-replies/likes/retweets that read and act on that content, so untrusted third-party posts can materially influence the agent's actions.