x

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to use the xurl CLI to fetch and read public X/Twitter content (e.g., "read tweets", "search posts", "view user profiles, timelines" in the SKILL.md), which is untrusted user-generated third-party content that the agent will read and could influence its actions.