wechat-article-extractor

Warn

Audited by Snyk on Feb 21, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill fetches and parses public, user-generated WeChat pages (mp.weixin.qq.com and weixin.sogou.com) in scripts/extract.js using request-promise, directly interprets and even evaluates page script content (new Function(...) calls), and follows transfer links, so untrusted third-party article content can materially influence the extraction logic and any subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill fetches remote WeChat pages at runtime (e.g., https://mp.weixin.qq.com and https://weixin.sogou.com) and then directly evaluates JavaScript extracted from those pages via new Function, which executes remote content as code.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 03:25 AM