wjs-syndicating-articles

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Outsider free text is ingested from $FOLDER/article.md (Step 2: “读 $FOLDER/article.md 和 $FOLDER/meta.json…抽出核心文案…写入 post.txt”), and that extracted prose is then placed into the agent’s LLM context via the skill’s “你来做，不是脚本” requirement (the agent must read/transform the article text at runtime).