notion-to-weixin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly exports and ingests Notion pages and their assets (SKILL.md Steps 1–4), and even downloads external cover URLs with curl (Step 5), meaning it reads untrusted/user-generated Notion content and external resources that directly influence draft creation and tool actions.