md2wechat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow ("Discovery First" in SKILL.md) instructs the agent to run commands like md2wechat providers list --json, prompts list --json, and themes list --json and to inspect prompt/theme/provider metadata before use, and the tool also explicitly downloads and ingests arbitrary online images (e.g., md2wechat download_and_upload <url> and online image handling in references/image-syntax.md), which clearly fetches untrusted public third-party content that the agent must read and that can influence provider/prompt selection and subsequent actions.