tweet-insight

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow (Step 1 and Step 2) explicitly instructs the agent to open user-provided tweet URLs with Playwright/browser_navigate and to resolve and fetch t.co shortlinks and external links via WebFetch/r.jina.ai (including quoted tweets, articles, PDFs, GitHub, etc.), meaning it ingests untrusted, user-generated public web content that the agent reads and uses to decide framing and follow-up actions.