tweet-thread-from-blog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md Step 2 explicitly fetches arbitrary blog post URLs using WebFetch/Chrome DevTools MCP and ingests public article body text and data to drive thread generation and optional Composio posting, so untrusted third‑party content could influence the agent's decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches user-supplied blog/article URLs at runtime (e.g., https://vercel.com/blog/how-we-optimized-package-imports-in-next-js) and injects the fetched article content into the model context to generate prompts/output, so remote content directly controls the agent's instructions.