write-social-post

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md "前置：抓取文章內容" step explicitly instructs fetching arbitrary URLs (using curl -fsSL "" | uvx trafilatura ...) to ingest third‑party web article content which the agent must read and use to compose posts, so untrusted web content could inject instructions that influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs at runtime to fetch arbitrary remote pages via curl (curl -fsSL "" | uvx trafilatura --recall --output-format markdown), and that fetched content is then injected into the agent's context to drive the generated post, so the runtime URL "" is a high-risk external dependency.