huashu-image-upload

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the SKILL.md explicitly instructs using WebFetch to fetch images from public third-party sources (e.g., "WebFetch获取Wikimedia Commons图片链接" and "免费图库 → WebFetch搜索 + 下载" for Unsplash/Pexels/Pixabay), and those fetched, untrusted web-sourced images are used to choose, upload, and insert images into articles—meaning external content is ingested and can influence subsequent tool actions.