wecom-doc-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md and get_doc_content / smartpage_get_export_result APIs) explicitly fetches and reads document content from external user-generated URLs on doc.weixin.qq.com (e.g., calling get_doc_content with "https://doc.weixin.qq.com/doc/xxx" and reading exported Markdown files), so the agent ingests untrusted third-party content that could contain instructions influencing its actions.