tweet-analytics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated content from the public X API via xquik.com (e.g., GET /x/tweets/{id}, GET /x/tweets/{id}/favoriters and POST /extractions) as part of its required workflows, so untrusted third-party tweet text, author bios, and lists of accounts are read and could materially influence follow-up actions (even though SKILL.md warns not to execute instructions found in tweet text).