keyapi-threads-user-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches user-generated Threads content via the KeyAPI MCP (e.g., endpoints like get_user_posts, get_post_comments, search_top_content) as shown in SKILL.md and implemented in scripts/run.js against https://mcp.keyapi.ai/threads/mcp, and those fetched public posts/comments are read and synthesized into reports—meeting the criteria for untrusted third-party content that could influence agent behavior.