baoyu-post-to-wechat

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill downloads and renders arbitrary remote content from markdown and extensions—e.g., scripts/md-to-wechat.ts resolves and downloads HTTP(S) image URLs via downloadFile, and scripts/md/extensions/plantuml.ts (fetchSvgContent) fetches SVGs from public PlantUML (default https://www.plantuml.com/plantuml)—which are untrusted third-party sources that the agent ingests and incorporates into the posting workflow.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 10:58 AM