x-mastery-mentor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Scene E account-diagnosis workflow explicitly instructs the agent to fetch and scrape public X/Twitter pages (e.g., "方式1: computer-use 工具 → 打开 https://x.com/{username}" and "方式2: claude-in-chrome 浏览器工具 → navigate到用户主页 → read_page获取DOM"), which ingests untrusted, user-generated third‑party content and then uses that content to drive diagnostics and subsequent automated decisions, creating a clear risk of indirect prompt injection.