x-to-markdown
Audited by Snyk on Jun 16, 2026
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill fetches outsider-authored free text from X at runtime (e.g., tweet/article content and referenced tweet text returned by X GraphQL/HTML in scripts/graphql.ts → fetchTweetResult/fetchXArticle, then rendered into markdown in scripts/markdown.ts and tweet-to-markdown.ts), which becomes LLM-readable context via the agent's conversion/output pipeline.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the skill files for literal, high-entropy credentials. I found a hardcoded bearer token in scripts/constants.ts:
DEFAULT_BEARER_TOKEN = "Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA";
This is a long, random-looking authorization token (a percent-encoded "=" is present), not a placeholder or simple example. A bearer token like this can be used in API authorization headers, so it meets the definition of a secret (high-entropy, literal credential). No other high-entropy secrets (API/private keys or PEM blocks) are present; the other values are identifiers, user-agent strings, cookie names, or simple defaults, which are not secrets.
Issues (2)
- Third-party content exposure detected (indirect prompt injection risk).
- Secret detected in skill content (API keys, tokens, passwords).