baoyu-post-to-x

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly navigates to and interacts with public x.com pages (e.g., scripts/x-article.ts, scripts/x-browser.ts, scripts/x-quote.ts) and downloads remote images referenced in user Markdown (scripts/md-to-html.ts), meaning it ingests untrusted, user-generated web content and DOM data which the agent reads and acts on during the publish/interaction workflow.