wechat-article-fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill (scripts/fetch.js and SKILL.md) explicitly fetches and scrapes public WeChat article URLs (e.g., https://mp.weixin.qq.com/...) using Playwright, returns the extracted title/content/images for the AI to read and uses that content to decide follow-up actions (e.g., auto-invoking legal-text-format), thus exposing the agent to untrusted, user-generated third-party web content.