wechat-watch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly deploys the wechat-download-api and polls/fetches public, user-generated WeChat articles via endpoints such as /api/public/articles and /api/article (and caches them in services/wechat-download-api/data/rss.db which scripts/check_articles.py reads), and the agent automatically summarizes and pushes that content to users, so untrusted third‑party content is ingested and can materially influence agent actions.