x

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill includes automated login steps (form_input / typing) and references a local .env containing X credentials, which implies the agent must supply credential values verbatim into action fields (exposing secrets in output), creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and reads public X (Twitter) pages (e.g., references/research.md instructs navigate to https://x.com/search?q=&f=live and use read_page/get_page_text; references/engage.md then drafts replies/quote tweets from that tweet text), meaning it ingests untrusted, user-generated content and uses it to drive decisions and actions—allowing indirect prompt injection.