baoyu-post-to-x

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill automatically downloads and processes remote images and HTML from arbitrary HTTPS URLs referenced in user-supplied Markdown (see scripts/md-to-html.ts's resolveImagePath/downloadFile and references/articles.md "Remote Images: Automatically downloaded to temp directory") and then uses that parsed content (HTML, placeholders, images, title/cover) to drive automated browser actions and paste/upload flows in x-article.ts, so untrusted third-party content is ingested and can materially influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). This skill invokes ${BUN_X} which falls back to running "npx -y bun" at runtime, causing code to be fetched from the npm registry (e.g. https://registry.npmjs.org/bun) and executed as a required dependency.