postiz
Warn
Audited by Snyk on May 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's MCP tools (see mcp/tools and mcp/examples) and CLI integration workflows (e.g., cli/integrations and cli/managing-posts) explicitly fetch dynamic, user-generated content from public platforms—examples include retrieving Reddit flairs, Discord channel lists, YouTube playlists, and provider "missing" content—which the agent is expected to read and use (via integrationSchema/triggerTool and posts:missing) to make posting decisions and choose IDs/settings, so untrusted third-party content can materially influence subsequent tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs agents to load the SKILL markdown from the external repository https://github.com/gitroomhq/postiz-agent (or install via npx skills add gitroomhq/postiz-agent), which at runtime fetches remote skill content that can directly control agent prompts/instructions—this is a required runtime dependency for the recommended agent integration.
Issues (2)
W011
MEDIUM - Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM - Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata