twitter-thread-creation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md instructs the agent to fetch and use open-web content (e.g., "belt app run infsh/agent-browser" to screenshot arbitrary URLs like https://example.com/pricing and "belt app run tavily/search-assistant" for web research), so untrusted third‑party pages/search results are read and used as evidence that can influence content-generation and posting decisions, enabling indirect prompt injection.