postiz

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's MCP/CLI workflows explicitly call platform helper tools that fetch user-generated public content (e.g., triggerTool/getFlairs in mcp/tools.mdx and cli/integrations.mdx/platform-examples, and posts:missing in cli/managing-posts.mdx which fetches recent provider content) and the agent is expected to read and use those results to choose settings or next actions (e.g., select subreddit flairs, Discord channels, or provider content), creating a clear path for untrusted third-party content to influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The documentation explicitly instructs AI agents to "load the SKILL md file from https://github.com/gitroomhq/postiz-agent (or install it from ClawHub)", meaning the agent would fetch external markdown at runtime which can directly control prompts/instructions—so https://github.com/gitroomhq/postiz-agent is a runtime external dependency that can influence agent behavior.