swipe-file-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill reads URLs from /swipe-file/swipe-file-sources.md and then fetches and ingests content from arbitrary public websites and Twitter/X (via WebFetch and the FxTwitter API) and passes that fetched, user-generated content into the content-deconstructor subagent for analysis, which clearly exposes the agent to untrusted third-party content and possible indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches arbitrary source URLs at runtime (including Twitter/X via the runtime API endpoint pattern https://api.fxtwitter.com/{username}/status/{tweet_id}) and injects the fetched content directly into the Task/subagent prompt, so remote content can directly control prompts and the agent's behavior.