x-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to use the twitter CLI to search and read tweets, threads, replies, and user feeds on Twitter/X (public user-generated content), which the agent must interpret and synthesize as part of its workflow, exposing it to untrusted third-party content from Twitter/X.