media-auto-publisher

Warn

Audited by Snyk on Apr 21, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill uses Playwright to navigate to public platform URLs, such as the publish, home and login pages listed in references/platforms.md and platform_navigator.py (for example https://baijiahao.baidu.com, https://mp.sohu.com and https://www.zhihu.com). It captures and parses page "snapshots" (see detect_popup_in_snapshot and generate_mcp_commands in scripts/media_publisher.py, and PopupCloseHandler in scripts/platform_navigator.py), then makes automated decisions (clicks, closing popups, navigation) based on that untrusted third-party content, so external page content can influence tool actions.

Issues (1)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 21, 2026, 05:38 PM
Issues: 1