content-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's code and SKILL.md explicitly fetch and render public user-generated pages (e.g., mp.weixin.qq.com, bilibili.com, douyin.com, xiaohongshu.com, xiaoyuzhoufm.com) via curl/requests and Playwright (see content_extractor.py and SKILL.md Step 3 / extract/extract_full), parse their text/media, and then act on that extracted content (metadata, downloads, document generation), so untrusted third-party content can influence agent decisions and tool use.