wechat-article-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and README explicitly instruct the agent to fetch the user-provided mp.weixin.qq.com URL (web_fetch), search for and download mirror pages from public aggregator sites (53ai.com, ofweek.com, juejin.cn, woshipm.com, 36kr.com) via web_search and curl, and optionally read Chrome Relay snapshots (browser), so untrusted third‑party HTML/user-generated content is ingested and used to drive extraction and next‑action decisions.