promote-post

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Step 1: Get the Article" explicitly instructs the agent to retrieve full content from arbitrary public URLs (Substack, X article, blogs) via WebFetch and "read carefully" so the agent's tweet-writing decisions are directly driven by untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to fetch arbitrary user-provided article URLs (via WebFetch / the r.jina.ai proxy) and inject that fetched content into the model context to craft tweets, which is a required runtime dependency and can directly control the agent via content-injection.