postiz

Fail

Audited by Socket on Feb 28, 2026

1 alert found:

Malware (HIGH)
SKILL.md

This document is a usage guide for the Postiz CLI and does not contain obvious embedded malware or intentionally obfuscated malicious code. The principal risks are operational and supply-chain: (1) credential forwarding if users set POSTIZ_API_URL to an attacker-controlled endpoint, (2) privacy/exfiltration of media/content to remote Postiz endpoints (expected behavior), and (3) expanded trust surface when chaining third-party media generators like agent-media. Recommendations: treat POSTIZ_API_KEY as sensitive, verify and prefer the official POSTIZ_API_URL over custom endpoints, ensure TLS/certificate verification for any custom endpoints, avoid passing the API key to untrusted hosts or scripts, and vet third-party media generators before integrating them into automation pipelines.

Confidence: 98%, Severity: 90%

Audit Metadata
Analyzed At: Feb 28, 2026, 01:31 PM
Package URL: pkg:socket/skills-sh/gitroomhq%2Fpostiz-agent%2Fpostiz%2F@c5d1bf5f7e95a71e230fc19ae2150ddd9c549854