xhs-publish

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses arbitrary web pages via "WebFetch" from user-provided URLs (see "输入判断" step 4 and "Step A.1: URL 提取模式"), meaning untrusted third‑party page content and images are read and used to compose and drive publishing decisions.