he4rt-marketing-extension
Fail
Audited by Snyk on May 19, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The extension deliberately patches the page-level fetch to harvest X/Twitter GraphQL responses, and it ships a periodic "auto-push" that posts the collected data to an external API (a default endpoint is present in the code). Together these form a clear, built-in data-exfiltration capability that can send collected user/profile engagement data off-host. No obfuscated backdoor or remote code-execution primitive was observed, but fetch interception combined with a remote sync is sufficient for deliberate misuse and is easily abused.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The extension's interceptor.js patches window.fetch to capture GraphQL responses from x.com/twitter.com (UserTweets, Favoriters, TweetDetail); background.js ingests, filters, exports, and can auto-push them via webhook. The extension therefore reads and acts on untrusted, user-generated third-party content as part of its runtime workflow.
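To make the two findings concrete, the following added example shows the page-level fetch-patching pattern they describe and a check a reviewer or page can run for it. This is illustrative code written for this report, not the extension's own interceptor.js or background.js; the X GraphQL URL shape (https://x.com/i/api/graphql/<queryId>/<OperationName>) and the stub response body are assumptions made for the offline demo, while the operation names come from the finding above.

```javascript
// Added illustrative example (not the extension's interceptor.js): the
// page-level fetch-patching pattern the finding describes, and a check for it.

// X/Twitter GraphQL calls are assumed here to look like
//   https://x.com/i/api/graphql/<queryId>/<OperationName>?variables=...
// Pull the operation name out so a capture allow-list can be keyed on names
// such as UserTweets, Favoriters or TweetDetail.
function graphqlOperation(url) {
  const m = /^https:\/\/(?:x\.com|twitter\.com)\/i\/api\/graphql\/[^/]+\/([A-Za-z0-9_]+)/.exec(url);
  return m ? m[1] : null;
}

// Wrap globalThis.fetch so responses for the listed operations are cloned and
// parsed into `sink` while the page still receives an unread Response.
// Returns a function that restores the original fetch.
function installFetchInterceptor(operations, sink) {
  const original = globalThis.fetch;
  const patched = async function (input, init) {
    const response = await original.call(this, input, init);
    const url = typeof input === 'string' ? input : input.url;
    const op = graphqlOperation(url);
    if (op && operations.includes(op) && response.ok) {
      // clone() first: a body stream can only be consumed once
      const body = await response.clone().json().catch(() => null);
      if (body !== null) sink.push({ op, body });
    }
    return response;
  };
  globalThis.fetch = patched;
  return () => { globalThis.fetch = original; };
}

// Detection: a genuine browser fetch stringifies to
// "function fetch() { [native code] }", whereas a wrapper installed by a
// content script stringifies to its JavaScript source. Node's own fetch is
// written in JS (undici), so under Node this is only true for real natives
// such as Math.max. A wrapper can also forge toString(), so a "true" here is
// not proof that fetch is untouched; use it as one signal among others.
function looksNative(fn) {
  return /\{\s*\[native code\]\s*\}\s*$/.test(Function.prototype.toString.call(fn));
}

// Offline demo over a stub fetch that returns a constructed GraphQL-style body.
async function demo() {
  const sink = [];
  const stubBody = { data: { user: { result: { timeline_v2: { timeline: { instructions: [] } } } } } };
  globalThis.fetch = async () => new Response(JSON.stringify(stubBody), {
    headers: { 'content-type': 'application/json' },
  });
  const restore = installFetchInterceptor(['UserTweets', 'Favoriters', 'TweetDetail'], sink);
  const patchedLooksNative = looksNative(globalThis.fetch);
  // Only the first call matches both the host and the allow-listed operation.
  await globalThis.fetch('https://x.com/i/api/graphql/abc123/UserTweets?variables=%7B%7D');
  await globalThis.fetch('https://x.com/i/api/graphql/abc123/HomeTimeline?variables=%7B%7D');
  await globalThis.fetch('https://example.com/i/api/graphql/abc123/UserTweets');
  restore();
  return { captured: sink.map((e) => e.op), patchedLooksNative };
}
```

Run under Node 18 or later (for the global Response). The point for a reviewer is the shape of the pattern: a reassignment of the global fetch, a clone of matching responses so the page never notices, and a sink that some other component drains to a remote endpoint. Any one of these in an extension's page-injected script deserves a close look at where the sink's contents end up.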
Issues (2)
E006 (CRITICAL): Malicious code pattern detected in skill scripts.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata