baoyu-post-to-wechat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill parses user-supplied Markdown and explicitly downloads remote resources (scripts/md-to-wechat.ts: resolveImagePath / downloadFile fetches http(s) image URLs from the markdown) and its PlantUML extension fetches SVGs from a public PlantUML server (scripts/md/extensions/plantuml.ts: fetchSvgContent / generatePlantUMLUrl), so it ingests arbitrary third‑party, user-provided web content that the agent processes and embeds.