x-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill runs hosted collection actors (e.g., "tweet-scraper" and "twitter-user-scraper") via runHostedCollection in _postplus_shared/00-core/shared-collection/scripts/lib/hosted_collection_bridge.mjs and ingests those actor outputs (public tweets/profiles) into normalization, ranking, clustering, and graph scripts, meaning untrusted, user-generated X/Twitter content is read and directly influences downstream decisions and tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the PostPlus hosted APIs at runtime (e.g. https://<POSTPLUS_API_BASE_URL>/api/postplus-cli/hosted/collection) to run hosted collection/capability operations — an endpoint the code requires and which causes execution of remote hosted code, not just benign data fetching.