x-to-obsidian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md) instructs the agent to open arbitrary X/Twitter URLs using agent-browser ("agent-browser open """ and "agent-browser snapshot") and to extract and parse user-generated post content (author, text, images, metadata) which the agent then uses to generate filenames and save actions in the Obsidian vault, so untrusted third-party content is fetched and interpreted in a way that can influence subsequent tool actions.