x-bookmarks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches user-bookmarked tweets from the open web via the xquik.com API (GET /x/bookmarks), which are user-generated/untrusted content and are explicitly read and summarized/categorized in the Typical flow, so those tweets could contain prompt-injection payloads that influence agent behavior.