baoyu-post-to-x

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and ingests untrusted third‑party content: scripts/md-to-html.ts explicitly downloads remote images via downloadFile/resolveImagePath for Markdown articles, and the x-quote/x-browser/x-article flows navigate to and read user-supplied x.com URLs and page DOM, and that fetched/parsed content (images, placeholders, page content) is used to drive browser actions (insertion, selection, publishing), so external content can materially influence tool behavior.