pp-x-twitter

Fail

Audited by Snyk on May 11, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs copying and pasting bearer tokens/cookies and using them verbatim in commands and config files (e.g., x-twitter-pp-cli auth set-token YOUR_TOKEN_HERE and writing cookies.json with pasted tokens), which forces the agent/LLM to handle and potentially output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This SKILL.md explicitly instructs agents to run commands like x-twitter-pp-cli tweets stream-posts-firehose, tweets search-posts-recent, articles list, and other endpoints that fetch public X/Twitter posts and community notes (user-generated content) using --agent, meaning the agent will ingest and act on untrusted third‑party social media content at runtime.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime installation commands that fetch and execute remote code (e.g., "npx -y @mvanhorn/printing-press install x-twitter --cli-only" and "go install github.com/mvanhorn/printing-press-library/library/social-and-messaging/x-twitter/cmd/x-twitter-pp-cli@latest" and the MCP variant "github.com/mvanhorn/printing-press-library/.../x-twitter/cmd/x-twitter-pp-mcp@latest"), and the fetched binaries are a required dependency for the skill, so these external sources can directly execute remote code at runtime.

Issues (3)

HIGH W007: Insecure credential handling detected in skill instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: HIGH
Analyzed: May 11, 2026, 04:37 AM
Issues: 3