xurl

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill clearly fetches and ingests public, user‑generated X content (e.g., "xurl read https://x.com/user/status/...", "xurl search", timelines/mentions, streaming endpoints, and webhook events shown in SKILL.md) and the documented workflows explicitly instruct the agent to read those results and then like/reply/repost them, so untrusted third‑party content can influence subsequent tool actions.