post-to-wechat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts/cdp_export.ts accepts an arbitrary --source URL and opens it via Chrome CDP (openTarget(args.cdp, args.source)), extracts document.innerText/selector content as markdown, and then uses that untrusted, third-party content to generate/paste HTML and fill fields in the WeChat workflow (SKILL.md and the script show this flow), so external page content can influence actions.