laniameda-x-post

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's SKILL.md requires fetching X/Twitter posts via x-tweet-fetcher and autonomously "Follow All Links" (web pages, YouTube via references/supadata.md, PDFs, GitHub, Instagram, etc.), extracting verbatim prompts and workflows and then saving/encoding them into the KB or new skills, which clearly ingests untrusted, user-generated third‑party content that can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes the Supadata API (https://api.supadata.ai/v1) at runtime (transcript/extract/web_srape endpoints) to fetch transcripts and extract on-screen prompts which are then injected verbatim into the agent's KB and can be used to generate/modify prompts or skills, so external content from that URL directly controls agent instructions.