wjs-picking-comments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly captures and fetches user-generated comments from mp.weixin.qq.com (via capture-comment-url.sh + fetch-comments-via-gstack.sh described in SKILL.md Step 3–4) and then hands those comments to the LLM to pick the Top‑5 (SKILL.md Step 5), so untrusted third‑party content is read and directly influences the agent's decisions and output.