baoyu-post-to-x

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests untrusted web content: md-to-html.ts downloads remote images from arbitrary http/https URLs, and x-quote.ts / x-article.ts launch Chrome to navigate to user-provided tweet URLs and X pages and read/inspect DOM/innerText (e.g., looking for buttons, placeholders, and editor content) which the scripts then use to decide clicks, uploads, and publishing actions, so third-party content can materially influence tool behavior.