scrapecreators-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly tells the agent to call the ScrapeCreators API (https://api.scrapecreators.com and per-endpoint paths such as /v1/tiktok/profile, /v1/reddit/post/comments, /v1/twitter/tweet, etc.) to fetch public, user-generated social media content (posts, comments, transcripts) which the agent is expected to read and act on as part of its workflow, exposing it to untrusted third-party content that could contain indirect prompt-injection.