style-modeler
Fail
Audited by Snyk on Mar 13, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 0.90). The prompt contains explicit instructions to bypass security controls in order to extract WeChat articles (e.g., "绕过安全限制" ("bypass security restrictions"), modifying the User-Agent and disabling Blink features). These are deceptive or unauthorized actions outside the legitimate scope of style analysis and therefore constitute a prompt injection.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). SKILL.md Section "1. 获取样本、预处理与策略路由" (A. 多态输入处理 → URL 输入(自动提取)) explicitly requires calling a web-article-extractor or browser tool to fetch arbitrary article URLs (including public WeChat links) and to use the extracted plain text as the analysis sample that drives the creation or update of style files. Untrusted third-party content is therefore ingested and can materially influence the agent's actions.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly requires "using a mode that bypasses security restrictions (configuring User-Agent and disable-blink-features)" to scrape WeChat Official Account content, and it forces the extracted content to be saved, created, or overwritten in the docs/ and .claude/styles/ files under the project root. This instructs the agent to bypass security mechanisms and to modify file state on the host, which carries a high level of risk.
Issues (3)
E004 (CRITICAL): Prompt injection detected in skill instructions.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W013 (MEDIUM): Attempt to modify system services in skill instructions.
Audit Metadata