fetch-wechat-article

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and scrapes arbitrary public WeChat article URLs (e.g., SKILL.md examples like "https://mp.weixin.qq.com/s/xxxxx" and scripts/fetch.js using page.goto(url) and page.evaluate to extract #js_content), and the fetched user-generated content is programmatically inspected and used to decide follow-up actions (e.g., automatically invoking the legal-text-format skill), so untrusted third-party content can materially influence agent behavior.