baoyu-post-to-wechat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's browser publishing flow (scripts/wechat-agent-browser.ts and the SKILL.md "Browser method") programmatically opens and snapshots the public WeChat site (https://mp.weixin.qq.com), parses the page DOM and uses that live third‑party page content to decide clicks/fills/uploads as part of the workflow, which clearly ingests untrusted public web content that can influence the agent's actions.