wechat-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on open web and user-provided content — e.g., the /sprout and /harvest flows accept external links/user-supplied material, Stage 1 "Research" says "Agent进行搜索" and calls scripts/research.py to produce Research_Report.md, and the SEO flow can call the wechat-index-query tool and update knowledge/wechat_index_keywords.md — these third‑party sources are read and their findings directly influence SEO, Seed inclusion, planning and downstream editorial actions.