baoyu-post-to-wechat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime scripts clearly fetch and ingest open-web content — e.g., scripts/wechat-api.ts's loadUploadAsset downloads images from arbitrary http(s) URLs and scripts/wechat-agent-browser.ts takes snapshots of and reads pages on https://mp.weixin.qq.com (via agent-browser) and uses that page content to decide clicks and navigation — so untrusted third-party content is read and used to drive actions.