x-posting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to "Check notifications — reply to any real engagement" and to visit public pages (profile, product URL, analytics) on X and external sites, meaning it fetches and must read untrusted, user-generated third-party content (notifications/posts/profile pages) and then act on it (reply/post), enabling indirect prompt injection.