community-notes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs the script to navigate to and DOM-scrape Community Notes on public X/tweet pages (x.com/home or tweet pages), thereby ingesting and acting on user-generated, untrusted content (Community Notes) which can influence writing/rating actions and thus enable indirect prompt injection.