search-x

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The script scripts/search.js calls xAI's /v1/responses with the x_search tool to retrieve and display real, user-generated tweets from X/Twitter (x.com/twitter) for arbitrary queries, so the agent directly consumes untrusted third-party content.