content-draft-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md workflow (Step 1 and Step 2) requires collecting up to 5 user-provided reference URLs and explicitly instructs the agent to fetch and analyze content from those URLs (via web_fetch and Twitter/X handling), so arbitrary public third-party content is ingested and directly shapes prompts and generation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill fetches user-supplied reference URLs at runtime (via the web_fetch tool) and explicitly transforms Twitter/X links to API calls like https://api.fxtwitter.com/username/status/123456, then injects and analyzes that fetched content to build the meta-prompt and drive generation—meaning external content directly controls prompts and is a required dependency.