wechat-publish-pipeline

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). Contains explicit instructions to evade content-moderation (e.g., rewrite prompts to replace banned technical terms like "exploit"/"malware" with euphemisms and retry), which is a deceptive directive outside the stated purpose of writing and publishing articles.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public content — e.g., Step 0 searches Hacker News (https://news.ycombinator.com/best), GitHub Trending (https://github.com/trending) and Twitter/X, and Step 1 uses baoyu-url-to-markdown to scrape arbitrary source URLs as required inputs that directly drive topic selection, writing, and prompt/tool actions, so third-party content can influence agent behavior.