read-gzh

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and scrapes user-provided WeChat public-account article URLs via scripts/fetch_wechat_article.py and downloads article image URLs (e.g., with curl), so the agent ingests arbitrary, public/untrusted third-party content which it reads and summarizes.