baoyu-danger-x-to-markdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and parses public, user-generated X/Twitter content (e.g., scripts/http.ts fetchHomeHtml/fetchText and scripts/graphql.ts resolveTweetQueryInfo/resolveArticleQueryInfo which pull HTML and JS chunks from x.com and then call fetchXTweet/fetchXArticle) and ingests tweet/article bodies (including MARKDOWN entities and media links) as part of its workflow — those third-party contents are untrusted and are used to determine request parameters and the agent's output/behavior.