md-to-wechat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scripts (scripts/list_themes.cjs and scripts/publish.cjs) explicitly fetch/render content from the external service https://feishu2weixin.maolai.cc and also download arbitrary image URLs found in user Markdown (publish.cjs), and the agent consumes that rendered HTML and image URLs as part of the mandatory publish workflow to decide covers, upload images, and push drafts—so untrusted third‑party content can materially influence tool actions.