baoyu-post-to-x

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly downloads remote images referenced in user markdown (scripts/md-to-html.ts uses http/https to fetch arbitrary image URLs) and navigates to/arbitrarily opens public X/Twitter pages provided by the user (scripts/x-quote.ts and other browser scripts), so it ingests and interprets untrusted, user-generated web content as part of its workflow.