twitter-brief

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read credentials from references/credentials.md and type the username and password verbatim into login fields (auto-login flow), which requires the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill automates browsing to and scraping tweets from https://x.com/home and https://x.com/i/bookmarks (user-generated, public Twitter/X content) and explicitly reads and interprets those posts to summarize them and drive NotebookLM notebook/audio creation, so untrusted third-party content can influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill calls source_add(..., url="[tweet URL]") at runtime and therefore fetches remote tweet/bookmark URLs on https://x.com/* and injects that external content into NotebookLM model context to generate podcasts, creating a clear prompt-injection risk from those runtime-fetched URLs.