baoyu-danger-x-to-markdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scrapes public X/Twitter content (SKILL.md says it converts x.com/twitter.com URLs) — e.g., scripts/graphql.ts and http.ts call https://x.com and GraphQL endpoints and scripts/main.ts calls fetchXArticle/fetchXTweet and media-localizer downloads remote media — and the code (scripts/markdown.ts, scripts/referenced-tweets.ts) parses and incorporates user-generated tweet/article content (including MARKDOWN entities) into its workflow, which can materially influence actions like fetching referenced tweets, media-download decisions, and final output formatting.