baoyu-post-to-wechat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and ingests remote, user-provided web resources (see scripts/md-to-wechat.ts: resolveImagePath -> downloadFile for http/https URLs) and the SKILL.md / references describe parsing markdown and auto-inserting those images/HTML into the Chrome-driven WeChat posting flow, so untrusted third-party content can directly influence the agent's actions.