mp-weixin-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to browse and scrape public image sites (e.g., Pexels/Unsplash) using browser MCP (see references/cover-guide.md) and to download remote images referenced in articles (see SKILL.md and references/image-upload.md), and those fetched third‑party resources are then used to choose, process, and upload content and drive subsequent API actions, so untrusted web content can influence tool behavior.