saved-searches

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs running savedSearchManager.js on x.com (e.g., paste into the browser console on x.com/search and x.com) to scrape search results and trending topics, meaning the skill ingests untrusted, user-generated content from Twitter/X that could influence actions.