wechat-article-maker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows explicitly fetch and parse arbitrary public URLs (e.g., the WebFetch call in "步骤 2: 链接内容获取与理解" and the article download/parse in "流程 2: 链接文章发布" and md-to-wechat's resolveImagePath/downloadFile), meaning untrusted, user-provided web content is ingested and interpreted to generate content and drive publishing actions—allowing indirect prompt injection via third‑party pages.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill repeatedly runs npx -y bun and uses scripts/ensure-deps.ts which runs npm install at runtime to fetch and install packages from the npm registry (e.g. https://registry.npmjs.org/) — this will download remote code during execution and those packages are required dependencies, so remote content is fetched and executed at runtime.