wechat-miniprogram

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's documentation and examples explicitly show loading and displaying external, user-generated content—e.g., the web-view component (references/components.md), external image URLs in examples (img1.gtimg.com in getting_started.md), and the public comments API (https://api.weixin.qq.com/wxaapi/comment/mpcommentlist/get in references/other.md)—which indicate the agent may consume untrusted third-party content as part of its workflow.