social-media-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests public, user-generated social media content as part of its runtime (e.g., _postplus_shared/00-core/shared-runtime/scripts/download_videos_from_manifest_with_ytdlp.mjs reads manifest items.item.sourceUrl and downloads those external URLs, and the SKILL.md describes routing into platform skills to collect/normalize/analyze public social data), so untrusted third‑party content is fetched and then used to drive normalization, summaries, and downstream decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime invokes the PostPlus hosted API (e.g. ${config.apiBaseUrl}/api/postplus-cli/hosted/capability and ${auth.apiBaseUrl}/api/postplus-cli/auth/refresh) to run hosted capabilities and return outputs that can execute remote logic or drive agent behavior, so this is a runtime external dependency that can execute remote code.