writing-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md Step 2 explicitly requires searching and ingesting public platform content (e.g., xiaohongshu via MCP search_feeds, node scripts/search_wechat.js for WeChat, bird search for X/Twitter, WebSearch/WebFetch) and mandates recording and applying those results to select techniques and drive subsequent writing/publishing actions, so the agent will read untrusted, user-generated third‑party content that can materially influence its decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The README and install examples explicitly instruct fetching and unpacking code from GitHub (e.g. https://github.com/VegetaPn/writing-assistant-skill via curl/unzip), which is a remote archive that would be retrieved during setup/runtime and results in executing or installing code that controls the agent's behavior.