postiz

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documented workflow (e.g., SKILL.md and INTEGRATION_TOOLS_WORKFLOW.md) explicitly calls out commands that fetch and consume dynamic, public third‑party content—such as postiz integrations:trigger (getFlairs, searchSubreddits, getPlaylists, getCompanies) and postiz posts:missing which returns provider content URLs—and then uses those untrusted/user-generated outputs (flair IDs, playlist IDs, release URLs) to build posts and drive subsequent actions, meaning external content can materially influence tool behavior and enable indirect prompt injection.