baoyu-post-to-x

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly parses user Markdown and automatically downloads and ingests remote HTTPS images from arbitrary URLs (see scripts/md-to-html.ts resolveImagePath/downloadFile and references/articles.md "Remote Images: Automatically downloaded"), then uses that HTML and images to drive browser actions and insert content via scripts/x-article.ts, so untrusted third-party content is read and can materially influence tool actions.