baoyu-post-to-x

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly downloads and ingests content from arbitrary public URLs — e.g., scripts/md-to-html.ts (resolveImagePath/downloadFile) automatically fetches remote images referenced in user-supplied markdown, and the browser scripts (x-quote.ts / x-article.ts / x-browser.ts) navigate to or accept arbitrary x.com tweet/article URLs — so the agent reads and uses untrusted, third‑party web content as part of its workflow.