gzh-explosive-content-detector

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow calls scripts/fetch_gzh_trends.py which fetches third‑party WeChat article data from https://onetotenvip.com/skill/cozeSkill/getWxCozeSkillData (and ingests oriUrl links to mp.weixin.qq.com), and the SKILL.md and references explicitly require the agent to read and use that returned user-generated content to score, filter, and decide next actions, so untrusted third‑party content can materially influence behavior.