skills/bklit/bklit-ui/add-x-tweet/Snyk

add-x-tweet

Warn

Audited by Snyk on Jun 12, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.95). The required workflow fetches tweet text from an outsider-authored public X URL at runtime via fetch-tweet.mjs calling the FxTwitter API (https://api.fxtwitter.com/{user}/status/{id}), and that returned tweet.text is then printed as JSON and used to populate the agent’s LLM context.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 12, 2026, 08:02 PM

Issues

1

Security Audit — snyk — add-x-tweet