baoyu-post-to-x

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's md-to-html.ts (and references/articles.md) explicitly downloads remote HTTPS images and parses user-supplied Markdown (including frontmatter cover_image and remote image URLs), then uses that parsed HTML and downloaded images to drive editor DOM actions, clipboard copies, and pasting in x-article.ts/x-browser.ts — so arbitrary, untrusted third-party content is fetched and directly influences tool actions.