wechat-daily-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow clearly ingests untrusted, user-generated chat data (scripts/analyze_chat.py reads an external chat JSON and writes simplified_chat.txt) and then instructs an AI to consume that simplified_chat.txt and stats.json (see references/ai_prompt.md) to produce ai_content.json which is directly used to drive rendering/behavior in generate_report.py, so malicious content in the chat could indirectly influence the agent's outputs and decisions.