social-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's sync command pulls notifications from public social platforms into inbox-{platform}.yaml and the agent workflow explicitly instructs "read inbox, decide, write outbox" (SKILL.md agent loop and references/agent-loop.md, including the LLM-driven outbox generation example), so untrusted, user-generated social/web content is ingested and can directly drive actions the agent will take.