tweet-thread-from-blog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md Step 2 explicitly tells the agent to fetch arbitrary blog post URLs using WebFetch or Chrome DevTools MCP and extract title, author, body text, stats and quotes (public third‑party content) which the agent must read and use to drive tweet generation and posting, exposing it to indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches user-supplied blog URLs at runtime (e.g., https://example.com/blog/post) via WebFetch/Chrome DevTools MCP, and the fetched page content is injected into the model context to drive thread generation, so that external content directly controls the agent's prompts.