aws-wechat-article-images
Warn
Audited by Snyk on Apr 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill sends prompts (which may include article text) to a user-configured external image_model.base_url. The image_create.py script explicitly parses the API responses (message content and returned URLs) and will download public URLs returned by those third-party endpoints (see SKILL.md, "sends the image prompts ... to the user-configured image generation endpoint", and scripts/image_create.py::_image_bytes_from_openai_like_result). Untrusted remote content is therefore ingested and can directly determine the downloads and generated images used by the agent.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).