x-openapi-skill
Warn
Audited by Snyk on Apr 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). SKILL.md and references/usage-patterns.md explicitly instruct the agent to fetch and parse public X API endpoints (e.g., https://api.x.com/2/openapi.json, /2/users/{id}/timelines, /2/users/{id}/bookmarks, and the stream https://api.x.com/2/tweets/search/stream), which are untrusted user-generated sources the agent is expected to read and that can materially influence follow-on actions like posting/replying/DMs.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill invokes uxc with --schema-url https://api.x.com/2/openapi.json (and links x-openapi-cli to https://api.x.com), so at runtime it fetches the remote OpenAPI schema which is a required dependency and directly controls the agent/CLI’s available operations and request construction.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata