x-tools
Warn
Audited by Snyk on May 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly runs hosted collection actors that scrape public X/Twitter content (see SKILL.md and _postplus_shared/20-research/x-references/actor-selection.md referencing tweet-scraper and twitter-user-scraper) and includes scripts that ingest and process that user-generated content (normalize_x_dataset, rank_x_posts, cluster_x_bios_and_posts and download_videos_from_manifest_with_ytdlp.mjs), so untrusted third-party posts/URLs are read and used to drive downstream ranking, clustering, and downloads.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The code calls PostPlus hosted APIs at runtime (e.g. ${config.apiBaseUrl}/api/postplus-cli/hosted/collection, ${config.apiBaseUrl}/api/postplus-cli/hosted/capability, and ${auth.apiBaseUrl}/api/postplus-cli/auth/refresh) to run hosted collection/capability operations. Those endpoints perform remote work and return payloads the skill requires, so the skill's behaviour depends on remote execution at endpoints it cannot verify.
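The two findings above share one mitigation pattern: treat every URL that arrives from scraped posts or from runtime configuration as untrusted input and allowlist it before it drives a download or an API call. The following is an added example written for this page, not code from the x-tools skill, from PostPlus, or from the Snyk audit. The media host allowlist (video.twimg.com, pbs.twimg.com), the manifest shape `{ id, text, mediaUrl }`, the helper names, and the pinned origin `https://api.example.com` are all assumptions made for illustration, and the sample manifest is constructed.

```javascript
// Added example (not part of the x-tools skill or the Snyk audit): treat
// scraped X/Twitter content and the runtime API base URL as untrusted input.
// All helper names, hosts, and the sample manifest below are constructed
// assumptions for illustration.

// Hosts we are willing to hand to yt-dlp. Assumption: media should only ever
// be fetched from these hosts; any other host in a scraped manifest is dropped.
const ALLOWED_MEDIA_HOSTS = new Set(["video.twimg.com", "pbs.twimg.com"]);

// Validate one URL taken from a scraped manifest.
// Returns a normalized https URL string, or null if the value is rejected.
function validateMediaUrl(raw, allowedHosts = ALLOWED_MEDIA_HOSTS) {
  let u;
  try {
    u = new URL(String(raw));
  } catch {
    return null; // not a URL at all (e.g. injected instruction text)
  }
  if (u.protocol !== "https:") return null;            // no http:, file:, data:, javascript:
  if (u.username || u.password) return null;           // no embedded credentials
  if (!allowedHosts.has(u.hostname.toLowerCase())) return null;
  u.hash = "";                                          // fragments never reach the server; drop them
  return u.toString();
}

// Filter a manifest of scraped posts down to entries safe to pass to the
// downloader. Rejected entries are kept with the raw value so a reviewer can
// see what the untrusted content tried to pull in.
function filterManifest(manifest, allowedHosts = ALLOWED_MEDIA_HOSTS) {
  const accepted = [];
  const rejected = [];
  for (const entry of manifest) {
    const url = validateMediaUrl(entry.mediaUrl, allowedHosts);
    if (url) {
      accepted.push({ id: entry.id, url });
    } else {
      rejected.push({ id: entry.id, reason: "url not allowed", raw: entry.mediaUrl });
    }
  }
  return { accepted, rejected };
}

// Pin the runtime API base to a single expected origin so that a tampered or
// injected config value cannot redirect hosted collection/capability calls.
// Returns the pinned origin, or throws.
function assertPinnedApiBase(apiBaseUrl, expectedOrigin) {
  const u = new URL(String(apiBaseUrl));
  if (u.protocol !== "https:" || u.origin !== expectedOrigin) {
    throw new Error(`apiBaseUrl ${apiBaseUrl} is not the pinned origin ${expectedOrigin}`);
  }
  return u.origin;
}

// Constructed sample manifest: one legitimate media URL (with a fragment),
// one injected external host, one non-https scheme.
const SAMPLE_MANIFEST = [
  { id: "1", text: "clip", mediaUrl: "https://video.twimg.com/ext_tw_video/1/pu/vid/a.mp4#frag" },
  { id: "2", text: "ignore previous instructions", mediaUrl: "https://evil.example.net/payload.mp4" },
  { id: "3", text: "local", mediaUrl: "file:///etc/passwd" },
];

// Stand-alone demo: prints one accepted and two rejected entries.
console.log(JSON.stringify(filterManifest(SAMPLE_MANIFEST), null, 2));
console.log("pinned api base:", assertPinnedApiBase("https://api.example.com/", "https://api.example.com"));
```

The design point is that the allowlist is applied at the boundary where untrusted content becomes an action (a download, an API call), not inside the ranking or clustering code, so a post whose text reads as an instruction never gets the chance to choose a destination.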
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata