content-draft-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly asks users for up to 5 reference URLs and Step 2 says it will fetch content from all reference URLs using WebFetch (including FxTwitter for Twitter/X), so the agent ingests arbitrary public web/social media content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill fetches external reference content at runtime and explicitly injects "ALL fetched content" into subagent prompts (example: https://api.fxtwitter.com/username/status/123456), so remote content from that URL directly controls the agent's prompt inputs and is a required dependency.