content-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly fetches and renders arbitrary public webpages (see content_extractor.py and SKILL.md where it uses curl/requests and Playwright to access sites like mp.weixin.qq.com, douyin.com, bilibili.com, xiaohongshu.com), parses user-generated/untrusted content to extract media/metadata, and then uses those results to drive downloads and downstream actions, so third-party page content could materially influence agent behavior.