wechat-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md's "第二步：搜索 + 写作" explicitly requires the agent to run WebSearch and WebFetch to retrieve and scrape 2–3 articles from public websites (examples include OSCHINA, CSDN, VS Code官网) and then read/interpret those sources to produce and act on the article content, so untrusted third‑party content can materially influence the agent's outputs and next actions.