wechat-cell-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Step 1 "Information Retrieval" explicitly instructs fetching and saving content from public sites (e.g., PubMed, Nature/Cell, 丁香园/DXY, WeChat competitor articles) and includes automation scripts that navigate and screenshot arbitrary URLs (scripts/screenshot-paper.ts, fetch-reference-images.sh and run-workflow.js), and that fetched research.md is then read/used to select topics, generate prompts/images and drive publish decisions—so untrusted third-party content is ingested and can materially influence agent actions.