weixin-fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime workflow (scripts/fetch_weixin.py and SKILL.md) uses Playwright to navigate to and scrape arbitrary WeChat public article URLs (mp.weixin.qq.com) supplied by the user and parses their HTML into Markdown and metadata, so it clearly ingests untrusted third-party content that can influence how the agent formats/saves data and thus could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill directly loads user-supplied WeChat article URLs (https://mp.weixin.qq.com/...) at runtime using Playwright, which executes the page's JavaScript in a real browser, so the fetched external content can execute remote code and is required for the skill to operate.